The insider threat

February 2019 Asset Management, Integrated Solutions, Logistics (Industry)

Sitting in your office doing what you are doing as a C-suite gate-keeper or other senior management role, you proceed with your to-do things daily, as you should. You are doing exactly what you are supposed to be doing and what you are paid for. Or are you?

Talking about risk we understand that threats to our work environment come in different guises such as physical attacks to the business that include robbery or business break-ins or theft. Other threats present themselves in the form of cyber-attacks and IP theft (industrial espionage).

Andre Du Venage.
Andre Du Venage.

Considering logistics and warehousing operations, normally these threats are viewed from an outside-in perspective and most security is concentrated on keeping outsiders outside and away from goods manufactured or goods stored/ kept in warehouses. The security focus typically involves physical measures that include a good perimeter, security protection, armed response, access controls, visitors’ policy, vehicle tracking and monitoring, staff controls and standard operating procedures. This should be standard practise and the bare minimum for operations.

But when we talk insider threat, the question arises as to what do we do to keep the insider threat at bay. Insider refers to the staff member (permanent or contract) colluding in some way with outsiders to steal from the operation, normally in bulk, to effect a substantial loss. Insiders can also collude with other insiders to engage in criminal acts to hurt the company in different ways.

More questions that arise include:

• How do we keep the insider from colluding with other parties inside or outside?

• If the insider engages in illegal activity, how do I expose the person?

• Are there red flags to look out for?

• How do I handle the concern if red flags pop up?

Make a plan

The starting point to answer these operational questions lies with policies and procedures. An SOP on each business activity is essential not just for ensuring operations are taking place according to the sales plan, but also to the security risk plan. Does your company have a security risk plan? If not you need to start there and get staff aware that your business will defend against insider attack.

Having witnessed truck hijackings and bulk cargo theft first hand over many years, it came to mind that the attack will happen due to the fact that the system will be tested by criminals in their eagerness and greed to get their hands on other peoples’ property because it is an easy way to earn a living. The fact that it is not an honest living is of no consideration to most thieves.

What makes the difference in being repeatedly attacked is the response to the attack. If the response is weak, the attacks will continue. If the response is good and the attackers are apprehended or forced to leave the hijacked truck next to the road due to security counter-measures, then the attacks will dissipate.

The same principle applies to other operations in that if the attackers understand that once they attack, they themselves will become the target (of the security response) then they will think twice before trying that again. We need to act on insiders in a concise and effective way in order to create uncertainty and fear in the mind of the next person planning an attack.

Red flag alert

Insiders expose themselves by way of red flags popping up in operations that may start with absenteeism, right through to negligence or more open incidents of theft.

Insider threat manifests when company operations flow such that it opens doors to opportunity for crimes or outsiders are hired to infiltrate the organisation and go unnoticed. This article does not go into the motivations insiders have to commit theft, but often opportunity arrives by accident due to grey areas in the business operations.

It takes a concerted security risk management effort to identify and expose criminal insiders. The easier option would be to deter or deflect such opportunists and criminals from the operation by closing operational gaps and opportunities for crime. Each business must consider its own unique environment that includes product, staff make-up, policies and procedures.

The insider threat will always remain so the best approach is to identify the operational gaps that create opportunity, hire knowledgeable security staff and a strong security leader (with influence). The CEO/COO/MD should be the person the security leader reports to in most operations. The security manager needs to champion the security process and show progress and results, and this includes an active programme to also focus inside to the internal risks.

For more information, contact Andre Du Venage, Secure Logistics, +27 11 391 6268, [email protected]





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

AI making South African roads safer
Asset Management Transport (Industry) AI & Data Analytics
Driver fatigue is a significant contributor to road accidents globally. While reliable statistics for South Africa are hard to come by, it has been estimated that fatigue is a factor in 25% - 30% of fatal crashes.

Read more...
Simplified fire and facilities management from one screen
Fire & Instrument Services Facilities & Building Management Fire & Safety Asset Management
Fire & Instrument Services (F&IS) and Scansoft are simplifying the complexities of facilities management, including fire safety, with iBMS Adrenaline, an integrated building and facilities management system enabling companies to monitor, control, and manage system hardware through a single interface.

Read more...
Cost-effective and reliable remote connectivity
Agriculture (Industry) Integrated Solutions Infrastructure
Companies that operate in hard-to-connect areas now have access to reliable connectivity due to a collaboration between MTN South Africa, Vox and Tarana technology.

Read more...
Three-quarters of cars sold in 2023 had embedded telematics
IoT & Automation Asset Management
A new research report from the IoT analyst firm, Berg Insight, shows the number of telematics service subscribers using embedded systems will grow at a compound annual growth rate (CAGR) of 14,6% 2023 to 2028.

Read more...
Vivotek unveils new AI RealSight Engine
AI & Data Analytics Asset Management
Vivotek has announced an upgrade to its AI security solution that transforms images captured by network cameras into clear, visible facial images under any lighting conditions. Even in backlit environments, facial expressions are rendered clearly.

Read more...
Advanced Perimeter Intrusion Detection Systems
XtraVision OPTEX Technews Publishing Modular Communications Perimeter Security, Alarms & Intruder Detection Integrated Solutions Products & Solutions
Making full use of fibre installations around the perimeter by adding Perimeter Intrusion Detection Systems means you can easily add another layer of security to existing surveillance and fencing systems.

Read more...
A critical component of perimeter security
Nemtek Electric Fencing Products Gallagher Technews Publishing Stafix Editor's Choice Perimeter Security, Alarms & Intruder Detection Integrated Solutions
Electric fences are standard in South Africa, but today, they also need to be able to integrate with other technologies and become part of a broader perimeter security solution.

Read more...
Unlocking new efficiencies in private security
Security Services & Risk Management Transport (Industry) Smart Home Automation Logistics (Industry)
Justin Manson, Sales Director at Webfleet, discusses how the urgent need to protect life, and to do so more efficiently, is driving continuous innovation in holistic home and residential security services in South Africa.

Read more...
Natural catastrophes and fire risks top concerns
Security Services & Risk Management Asset Management Residential Estate (Industry)
Natural disasters are the highest risk in the real estate industry, followed by fire and explosions, and then business interruption. Estates must prioritise risk management and take proactive measures to safeguard their assets, employees, and reputation.

Read more...
Building a solid foundation
Alwinco Security Services & Risk Management Asset Management Residential Estate (Industry)
Understanding the roles of a Risk Assessor and a Risk Manager is like building a solid and secure foundation in the security world. Andre Mundell makes it easy to understand.

Read more...