The Insider Threat is Evolving – So Must We

By: Padrick Doyle, Chief Information Security Officer, and Victor Vichith, Sr. Manager of Insider Risk, Strider Technologies

Insider Threat Awareness Month serves as a reminder that many significant risks to organizations come from within. Strider’s strategic intelligence empowers organizational leaders across industry, government, and academia to safeguard their most critical assets and innovation from state-sponsored threats—both from within the organization and from external relationships.

“Insider Risks” and “Insider Threats" are not new concepts (these terms are synonymous). In addition to protecting their company’s intellectual property and assets, insider threat teams are also responsible for protecting employees and the important work they do. All full-time employees, contractors, and trusted partners have access to sensitive material and therefore carry the shared responsibility to protect critical technology and information pertaining to their organization. Sensitive material is not just an organization’s IP and employee personnel records—it also includes any material that is considered business confidential or information that is not publicly available.

Threats constantly evolve as technology becomes more sophisticated. Today’s insiders are motivated by ideology, financial gain, and coercion. Regardless of whether the threat event was done deliberately or carelessly, the consequences may be catastrophic.

Industry reports indicate that 60%-80% of organizations experienced an insider threat in the past year. This risk is amplified by nation-state actors focused on acquiring sensitive technology and trade secrets in sectors like aerospace, defense, life sciences, and semiconductor manufacturing.

To best protect our own organization, Strider constantly evolves its Insider Risk Program to identify risk behaviors and actions that serve as indicators for vulnerabilities that may be exploited by foreign governments to exfiltrate intellectual property or other sensitive information.

Mitigating insider threats and risks demand an organization-wide culture of trust, transparency, and shared responsibility. A resilient insider threat program rests on four pillars:

People and Trust

People are the heart of every company; therefore, every insider risk program requires a culture of trust. Employees are the first line of defense. Building a culture of trust means fostering an environment where individuals feel valued, supported, and responsible for the mission.

Open communication, consistent leadership engagement, and strong ethics empower employees to speak up when they notice concerning behaviors. Organizations can reinforce trust by encouraging early reporting, reducing fear of retaliation, and creating a climate where security is seen as a shared goal—not a burden.

Education and Awareness

Awareness is essential, but it must go beyond one-off trainings or compliance checklists. Education around insider threats should be continuous, relevant, and tailored to the roles and responsibilities of the workforce.

Strider advocates for scenario-based training that addresses real-world insider threat cases, including insider activity linked to foreign adversaries. Trainings should highlight behavioral red flags, potential coercion tactics, and ethical dilemmas, which helps employees recognize subtle risks before they escalate. Education must also emphasize positive reinforcement, empowering employees to act and feel ownership in protecting the organization.

Technology and Tools

Technology plays a critical role in identifying insider threats. Modern insider threat programs should transparently incorporate tools for user activity monitoring, behavioral analytics, and anomaly detection that respects privacy while enabling visibility into risk.

Strider’s capabilities proactively combine open-source intelligence and behavioral signals to identify strategic insider threats. While technology detects technical anomalies, it’s the human-centric indicators like anomalous patterns, historic violations, or changes in behavior that provide the context. Tools deployed responsibly and transparently create a safety net that augments human judgment without eroding trust.

Evaluation and Feedback

Threats evolve, organizations change, and mitigation strategies must adapt in kind. Regular evaluation through red teaming (a practice where a team of experts simulates real-world attacks on an organization's systems and defenses to identify vulnerabilities and improve security), risk assessments, and post-incident reviews ensures security controls remain relevant and effective.

Employees at each level of the organization need a voice in how insider threat policies are implemented. Anonymous reporting tools, feedback surveys, and after-action debriefs help organizations refine their approach and uncover blind spots. Treating insider threat defense as an ongoing learning process enables organizations to build resilience.

Insider Threat Awareness Month is a call to action. We encourage organizations of all sizes to assess their exposure, revisit their insider threat programs, and engage with trusted partners to strengthen their defenses. Together we can safeguard innovation, economic competitiveness, and national security.

Insiders have the advantage. They understand the systems, culture, and weaknesses. Armed with a culture of vigilance and trust, consistent training, and the appropriate tools and policies, organizations can take back their power.

Within organizations, everyone has a role to play when it comes to mitigating insider risk. And the more we understand the threat within, the better prepared we are to defend what matters most.