Insider Threat Prevention
Insider threats are very real and cost an organization not only financial loss but also legal trouble, depending on the information that is leaked. Most enterprise security teams focus on mitigating external attacks, and many organizations lack visibility into threats posed by malicious insiders. Third-party services such as Flashpoint combine extensive knowledge of malicious insiders' tactics, techniques, and procedures (TTPs) with targeted monitoring of the Deep & Dark Web to help organizations proactively detect and mitigate a broad spectrum of insider threats.
Typical insider threats include:
Intellectual Property Theft: The high black-market value and ample demand for IP on the Deep & Dark Web means that for malicious insiders with access to valuable company information, selling such access can provide a quick and profitable return.
Insider Recruitment: In order to recruit insiders, threat actors typically post advertisements to various Deep & Dark Web forums.
In addition, organizations can implement the following measures to strengthen their information security posture against leakage of information:
Assets within the organization must be analyzed to determine their level of sensitivity/importance.
A data loss prevention (DLP) solution should be implemented to identify and prevent possible exfiltration of data, whether the data leaves via e-mail, the web or removable media.
Sensitive data and documents should be digitally fingerprinted in order to protect sensitive information and to identify it if it does in fact get leaked.
Revising roles and enforcing core security principles such as least privilege and separation of duties gives individuals only the access to network resources that they require, and prevents unauthorized individuals from accessing resources that are not within their purview.
Account monitoring and logging allow an organization to distinguish normal user activity from any deviations that may be occurring.
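To illustrate the DLP and fingerprinting measures above, here is an added Python example (not code from the original post or from any DLP product) that hashes overlapping five-word windows of a protected document and flags outbound text that reuses enough of them. The function names, window size, threshold and sample texts are assumptions constructed for the example.

```python
import hashlib
import re

SHINGLE_WORDS = 5  # assumed window size; tune per document type


def _normalize(text):
    """Lowercase and tokenize so case or punctuation changes do not evade a match."""
    return re.findall(r"[a-z0-9]+", text.lower())


def fingerprint(text, k=SHINGLE_WORDS):
    """Return the set of SHA-256 hashes of every k-word window in text."""
    words = _normalize(text)
    return {
        hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()
        for i in range(len(words) - k + 1)  # empty when text is shorter than k
    }


def build_index(sensitive_docs):
    """Map document name -> fingerprint set; only hashes are kept, not the text."""
    return {name: fingerprint(body) for name, body in sensitive_docs.items()}


def scan_outbound(message, index, threshold=0.3):
    """Return {doc_name: share of that document's windows found in message}."""
    msg_fp = fingerprint(message)
    hits = {}
    for name, doc_fp in index.items():
        if not doc_fp:
            continue
        overlap = len(doc_fp & msg_fp) / len(doc_fp)
        if overlap >= threshold:
            hits[name] = round(overlap, 2)
    return hits


# Constructed sample data (not from any real document).
DOCS = {
    "roadmap.txt": "The Q3 launch of Project Falcon depends on the new battery "
                   "supplier contract being signed before the end of June.",
}
INDEX = build_index(DOCS)
LEAK = ("fyi: the Q3 launch of project falcon depends on the NEW battery "
        "supplier contract being signed. more soon")
BENIGN = "Lunch on Thursday? The new cafe near the office is open."
```

Because only partial overlap is required, an excerpt pasted into an e-mail or web form still matches even when the full file never leaves the network.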
If you need information on establishing an Insider Threat Program, I recommend the following source: http://www.cdse.edu/toolkits/insider/establishing.html