SGT’s Industrial Security Department proudly partners with the Defense Counterintelligence and Security Agency (DCSA) to support National Insider Threat Awareness Month.
We invite you to explore this resource for key information, case studies, best practices, and tools to help identify and prevent insider threats. Engage with insights and test your skills in our interactive game to enhance your understanding of insider risks.
National Insider Threat Awareness Month
Case Studies
The Malicious Insider
The Accidental Insider
The Third-Party Insider
Can you stop the insider?
50% of Insider Threats Go Undetected
$11.5M Lost to Insider Threats
77 days to Contain a Threat
Select to access contacts and hotlines for any questions, concerns, or to report suspicious activity.
Insider Threat: Mission Critical
Can You Identify the Insider and Protect Our Secrets?
THE MISSION
As part of the Siemens Security Team, your task is to identify and stop an insider threat before critical information is compromised. Investigate clues, analyze suspicious behavior, and make the right decisions to secure our operations. The safety of our organization is in your hands—can you succeed before time runs out?
You’ve noticed changes in a colleague’s behavior lately—sudden mood swings, disengagement, and a growing interest in files outside their usual responsibilities. These behaviors can sometimes indicate a potential insider threat. Can you identify which traits are most commonly linked to insider threat risks?
You receive an alert about a suspicious email that has been flagged by the system. The email contains several attachments and unusual requests for sensitive information. The sender is an employee, but something feels off. Can you investigate and determine if this is part of an insider threat?
A sudden surge in file access activity is flagged from a workstation after hours. The data accessed includes sensitive project information, far beyond the employee's role. What should you investigate further?
QUESTION 1/3
What is the best next step in investigating this suspicious activity?
- Report the suspicious access to the Insider Threat Program immediately for investigation.
- Monitor the employee’s activity silently to gather more evidence.
QUESTION 2/3
After reporting the suspicious activity, what should be your next step?
- Collaborate with industrial security and IT to monitor the employee's access and gather further evidence.
- Inform all employees to stay alert and monitor their own data access.
An unauthorized connection to the industrial control system has been detected. Wires have been tampered with, and the base’s operations are at risk. To keep moving forward, find the source of the breach and secure the controls before it's too late.
QUESTION 1/3
You discover that the tampered wiring leads to a non-secure network connection. What is your first step?
- Disconnect the compromised connection immediately.
- Inform the rest of the team before taking any action.
- Continue monitoring the connection without making changes.
QUESTION 2/3
After securing the connection, what is your next step?
- Check for any additional compromised systems on your own.
- Report the incident to the industrial security team for further investigation.
- Notify all employees of the breach.
You notice an employee at his desk, discreetly writing down project details that seem unrelated to his role. He’s not assigned to this project, and the information he’s handling is highly sensitive. Could this be an attempt to remove classified information? What will you do next?
QUESTION 1/3
What is the first step you should take after noticing the employee documenting sensitive information without authorization?
- Continue observing the employee to gather more evidence before reporting the behavior.
- Discreetly notify your security officer and Insider Threat Program representative to initiate a formal review.
- Confront the employee directly and ask why they are handling the sensitive information.
Mission Complete
Congratulations! Thanks to your quick thinking and attention to detail, you successfully identified and neutralized the insider threat. Your actions have safeguarded our sensitive information and protected the organization from potential harm.
Incorrect Answer
Don’t worry—insider threats can be tricky to detect. Review the clues carefully and try again.
September is National Insider Threat Awareness Month
This month, Siemens Government Technologies emphasizes the importance of safeguarding sensitive information from internal risks. Insider threats are a growing concern worldwide, including for government contractors like us. Whether intentional or accidental, actions by trusted individuals can have serious consequences.
What Can You Do?
- Report unusual behavior or access to sensitive data.
- Secure your workspaces, both digital and physical.
- Be proactive in learning how to recognize potential threats.
- Each of us plays a key role in maintaining our security.
Seattle Plane Theft (2018)
Richard Russell, an airport employee, stole a Horizon Air Q400 and flew it without authorization, exposing gaps in physical security and insider threat awareness. The incident ended in a fatal crash, raising concerns about insider risk in aviation.
Pentagon Leaks (2023)
Air Guardsman Jack Teixeira leaked classified U.S. intelligence on a gaming chat, revealing Ukraine war details and more. He was arrested, sparking concerns about insider threats and security processes.
Capital One Data Breach (2019)
A former Amazon Web Services engineer exploited a misconfiguration in Capital One’s Web Application Firewall, leading to the exposure of 106 million customer records, including financial data.
Tesla Data Breach (2023)
Two former Tesla employees leaked confidential internal documents, including personal employee data and production secrets, to a German news outlet. This breach exposed the personal information of 75,000 individuals and sensitive company data.
Ubiquiti Networks Data Theft (2021)
A senior developer at Ubiquiti Networks in Chicago stole gigabytes of confidential data and posed as a hacker demanding 50 bitcoins (around $1.9 million) for the files. The insider was arrested, but not before causing significant reputational and financial damage, with Ubiquiti’s market cap losing $4 billion.
Cash App Data Breach (2022)
A disgruntled former employee of Cash App downloaded the personal data of 8.2 million customers after termination, leading to a significant breach and a class-action lawsuit.
The Malicious Insider
An individual within an organization who intentionally exploits their access to harm the company through theft, sabotage, or leaking sensitive information for personal, financial, or ideological reasons.
The Path to Data Breach
- Recruitment: The insider is often approached or influenced by external actors. They may be motivated by financial gain, personal grievances, or ideological beliefs.
- Access Abuse: The insider gains unauthorized access by exploiting trusted relationships or their privileged position.
- Exploitation: The insider begins unauthorized actions like data theft, system sabotage, or sharing sensitive information.
- Exfiltration: The insider transfers sensitive data outside the organization or carries out damaging acts.
- Damage Realized: The organization suffers consequences like data breaches, financial loss, or damaged reputation.
The Accidental Insider
The accidental insider unintentionally causes harm due to carelessness or lack of awareness. This could be as simple as clicking on a phishing link, misplacing a sensitive document, or sharing confidential information without realizing the consequences. While there’s no ill intent, these mistakes can lead to serious security breaches if not managed properly.
High-Risk Devices
High-risk devices are particularly vulnerable to accidental data leaks when employees use unsecured or unencrypted devices to access company systems.
- 40-45% involve laptops, with 68% of stolen laptops never recovered.
- 10-15% stem from misconfigured cloud services.
- 30% of threats involve mobile devices, often due to lack of encryption or unsecured networks.
Charts (data not shown): Percentage of Threats by Insider Type; Vulnerabilities & Security Incidents by Department; Risk Levels & Security Awareness by Employee Tenure; Percentage of Incidents Caused by Mistakes (Phishing Emails, Unsecured Devices, Weak Passwords, Unauthorized Sharing).
The Third-Party Insider
A person from an external organization (vendor, contractor, or partner) who has authorized access to a company's systems or data but may unintentionally or maliciously cause harm by misusing that access.
- Partner Collaboration: Partners may need access to share data or collaborate on projects, but this opens vulnerabilities if their security isn't as robust.
- Contractor Access: Contractors are given internal access to complete tasks but may misuse their privileges, either accidentally or intentionally.
- Vendor Access: Vendors often need temporary access to company systems. However, they may not follow our organization's strict security protocols.
Threat Containment Timeline
Once an insider threat is detected, it takes an average of 77 days to fully contain the incident. During that time, critical damage to data and systems can occur, highlighting the need for early detection and rapid response.
- Minor Suspicion: Early signs of unusual behavior, but no confirmed threat yet. Limited access to sensitive information may have occurred.
- Unauthorized Data Access: The insider begins accessing sensitive data without proper authorization. Early warning signs are ignored, leading to potential data leaks.
- Data Exfiltration: The insider starts transferring large amounts of sensitive data offsite. Potential exposure of classified or proprietary information.
- Full Data Breach: By now, the insider has exfiltrated critical information. The breach is detected late, causing significant financial loss, reputational damage, and operational disruption.
For any security-related questions or concerns, please contact: industrial.security@siemensgovt.com
Industrial Security:
- Yadira Barrios, Senior Facility Security Officer, Yadira.Barrios@siemensgovt.com, (571) 243-5508
- Aja Nims, Assistant Facility Security Officer, Aja.Nims@siemensgovt.com, (540) 981-4532
- Dina Bouhaouala, Security Administrator, Dina.Bouhaouala@siemensgovt.com, (571) 413-4152
- Aziz Hafid, Information Security Officer, Aziz.Hafid@siemensgovt.com, (703) 589-4871
- Matthew Madalo, Chief Compliance Officer, Matthew.Madalo@siemensgovt.com, (571) 387-9423
- Amy Callahan, Associate Project Manager, Amy.Callahan@siemensgovt.com, (571) 215-2613
SGT Ethics Hotline: (844) 408-0217
Government Reporting Hotlines:
- Defense Hotline, The Pentagon, Washington, DC 20301-1900, 800-424-9098
- Department of Energy, Office of the Inspector General, 1000 Independence Ave, SW, Room SD-031, Washington, DC 20585, 800-541-1625 or 202-541-1625
- DNI Hotline, Director of National Intelligence, Office of the Inspector General, Washington, DC 20511, 703-482-2651
- U.S. Nuclear Regulatory Commission, Office of the Inspector General, Hotline Program, MS 05 E13, 11555 Rockville Pike, Rockville, MD 20852-2738, 1-800-233-3497
Around 50% of insider threats go undetected until serious damage is done. Common indicators include unusual login times, access to unauthorized files, or sudden changes in behavior like disengagement or financial stress. Identifying these early triggers through continuous monitoring and behavioral analysis can help organizations prevent costly breaches.
Rising Costs of Insider Threats: A Growing Challenge for Businesses
The financial impact of insider threats has escalated significantly from 2016 to 2022, driven by increasing complexity, credential theft, and the shift to hybrid work environments.
SGT Insider Threat Awareness Interactive
Dina Sonia Bouhaouala
Created on September 10, 2024
Start designing with a free template
Discover more than 1500 professional designs like these:
View
Advent Calendar
View
Tree of Wishes
View
Witchcraft vertical Infographic
View
Halloween Horizontal Infographic
View
Halloween Infographic
View
Halloween List 3D
View
Magic and Sorcery List
Explore all templates
Transcript
SGT’s Industrial Security Department proudly partners with the Defense Counterintelligence and Security Agency (DCSA) to support National Insider Threat Awareness Month.
We invite you to explore this resource for key information, case studies, best practices, and tools to help identify and prevent insider threats. Engage with insights and test your skills in our interactive game to enhance your understanding of insider risks.
start
Case Studies
National Insider Threat Awareness Month
The Accidental Insider
The Third-Party Insider
50%
of Insider Threats Go Undetected
Watch
The Malicious Insider
Can you stop the insider?
Play
$11.5M
77 days
Lost to Insider Threats
to Contain a Threat
Select to access contacts and hotlines for any questions, concerns, or to report suspicious activity.
Insider Threat: Mission Critical
Can You Identify the Insider and Protect Our Secrets?
start
THE MISSION
As part of the Siemens Security Team, your task is to identify and stop an insider threat before critical information is compromised. Investigate clues, analyze suspicious behavior, and make the right decisions to secure our operations. The safety of our organization is in your hands—can you succeed before time runs out?
Next
You’ve noticed changes in a colleague’s behavior lately—sudden mood swings, disengagement, and a growing interest in files outside their usual responsibilities. These behaviors can sometimes indicate a potential insider threat. Can you identify which traits are most commonly linked to insider threat risks?
You receive an alert about a suspicious email that has been flagged by the system. The email contains several attachments and unusual requests for sensitive information. The sender is an employee, but something feels off. Can you investigate and determine if this is part of an insider threat?
A sudden surge in file access activity is flagged from a workstation after hours. The data accessed includes sensitive project information, far beyond the employee's role. What should you investigate further?
QUESTION 1/3
Report the suspicious access to the Insider Threat Program immediately for investigation.
What is the best next step in investigating this suspicious activity?
Monitor the employee’s activity silently to gather more evidence.
QUESTION 2/3
Collaborate with industrial security and IT to monitor the employee's access and gather further evidence.
After reporting the suspicious activity, what should be your next step?
Inform all employees to stay alert and monitor their own data access.
An unauthorized connection to the industrial control system has been detected. Wires have been tampered with, and the base’s operations are at risk. To keep moving forward, find the source of the breach and secure the controls before it's too late.
QUESTION 1/3
Disconnect the compromised connection immediately.
You discover that the tampered wiring leads to a non-secure network connection. What is your first step?
Inform the rest of the team before taking any action.
Continue monitoring the connection without making changes.
QUESTION 2/3
Check for any additional compromised systems on your own.
After securing the connection, what is your next step?
Report the incident to the industrial security team for further investigation.
Notify all employees of the breach.
You notice an employee at his desk, discreetly writing down project details that seem unrelated to his role. He’s not assigned to this project, and the information he’s handling is highly sensitive. Could this be an attempt to remove classified information? What will you do next?
QUESTION 1/3
Continue observing the employee to gather more evidence before reporting the behavior
What is the first step you should take after noticing the employee documenting sensitive information without authorization?
Discreetly notify your security officer and Insider Threat Program representative to initiate a formal review.
Confront the employee directly and ask why they are handling the sensitive information.
Mission Complete
Congratulations! Thanks to your quick thinking and attention to detail, you successfully identified and neutralized the insider threat. Your actions have safeguarded our sensitive information and protected the organization from potential harm.
Return to home page
Incorrect Answer
Don’t worry—insider threats can be tricky to detect. Review the clues carefully and try again.
try again
September is National Insider Threat Awareness Month
This month, Siemens Government Technologies emphasizes the importance of safeguarding sensitive information from internal risks. Insider threats are a growing concern worldwide, including for government contractors like us. Whether intentional or accidental, actions by trusted individuals can have serious consequences.
What Can You Do?
Select pins to reveal
Seattle Plane Theft (2018)
Richard Russell, an airport employee, stole a Horizon Air Q400 and flew it without authorization, exposing gaps in physical security and insider threat awareness. The incident ended in a fatal crash, raising concerns about insider risk in aviation.
Pentagon Leaks (2023)
The 2023 Pentagon leaks: Air Guardsman Jack Teixeira leaked classified U.S. intel on a gaming chat, revealing Ukraine war details and more. He was arrested, sparking concerns about insider threats and security processes.
Capital One Data Breach (2019)
A former Amazon Web Services engineer exploited a misconfiguration in Capital One’s Web Application Firewall, leading to the exposure of 106 million customer records, including financial data.
Tesla Data Breach (2023)
Two former Tesla employees leaked confidential internal documents, including personal employee data and production secrets, to a German news outlet. This breach exposed the personal information of 75,000 individuals and sensitive company data.
Ubiquiti Networks Data Theft (2021)
A senior developer at Ubiquiti Networks in Chicago stole gigabytes of confidential data and posed as a hacker demanding 50 bitcoins (around $1.9 million) for the files. The insider was arrested, but not before causing significant reputational and financial damage, with Ubiquiti’s market cap losing $4 billion.
Cash App Data Breach (2022)
A disgruntled former employee of Cash App downloaded the personal data of 8.2 million customers after termination, leading to a significant breach and a class-action lawsuit.
The Malicious Insider
An individual within an organization who intentionally exploits their access to harm the company through theft, sabotage, or leaking sensitive information for personal, financial, or ideological reasons.
The Path to Data Breach
Exfiltration
Damage Realized
Recruitment
Access Abuse
Exploitation
The insider is often approached or influenced by external actors. They may be motivated by financial gain, personal grievances, or ideological beliefs.
The insider transfers sensitive data outside the organization or carries out damaging acts.
The insider gains unauthorized access by exploiting trusted relationships or their privileged position.
The insider begins unauthorized actions like data theft, system sabotage, or sharing sensitive information.
The organization suffers consequences like data breaches, financial loss, or damaged reputation.
The accidental insider unintentionally causes harm due to carelessness or lack of awareness. This could be as simple as clicking on a phishing link, misplacing a sensitive document, or sharing confidential information without realizing the consequences. While there’s no ill intent, these mistakes can lead to serious security breaches if not managed properly.
The Accidental Insider
Percentage of Threats by Insider Type
High-risk devices are particularly vulnerable to accidental data leaks when employees use unsecured or unencrypted devices to access company systems.
High-Risk Devices
40-45%
involve laptops, with 68% of stolen laptops never recovered.
10-15%
stem from misconfigured cloud services.
of threats involve mobile devices, often due to lack of encryption or unsecured networks.
30%
Vulnerabilities & Security Incidents by Department
Risk Levels & Security Awareness by Employee Tenure
Percentage of Incidents Caused by Mistakes
Phishing Emails
Unsecured Devices
Weak Passwords
Unauthorized Sharing
The Third-Party Insider
A person from an external organization (vendor, contractor, or partner) who has authorized access to a company's systems or data but may unintentionally or maliciously cause harm by misusing that access.
Partners may need access to share data or collaborate on projects, but this opens vulnerabilities if their security isn't as robust.
Partner Collaboration
Contractors are given internal access to complete tasks but may misuse their privileges, either accidentally or intentionally.
Contractor Access
Vendors often need temporary access to company systems. However, they may not follow our organization's strict security protocols.
Vendor Access
The Malicious Insider
An individual within an organization who intentionally exploits their access to harm the company through theft, sabotage, or leaking sensitive information for personal, financial, or ideological reasons.
The Path to Data Breach
Exfiltration
Damage Realized
Recruitment
Access Abuse
Exploitation
The insider is often approached or influenced by external actors. They may be motivated by financial gain, personal grievances, or ideological beliefs.
The insider transfers sensitive data outside the organization or carries out damaging acts.
The insider gains unauthorized access by exploiting trusted relationships or their privileged position.
The insider begins unauthorized actions like data theft, system sabotage, or sharing sensitive information.
The organization suffers consequences like data breaches, financial loss, or damaged reputation.
Threat Containment Timeline
Early signs of unusual behavior, but no confirmed threat yet. Limited access to sensitive information may have occurred.
Minor Suspicion
Once an insider threat is detected, it takes an average of 77 days to fully contain the incident. During that time, critical damage to data and systems can occur, highlighting the need for early detection and rapid response.
The insider begins accessing sensitive data without proper authorization. Early warning signs are ignored, leading to potential data leaks.
Unauthorized Authorized Data Access
The insider starts transferring large amounts of sensitive data offsite. Potential exposure of classified or proprietary information
Data Exfiltration
By now, the insider has exfiltrated critical information. The breach is detected late, causing significant financial loss, reputational damage, and operational disruption.
Full Data Breach
The accidental insider unintentionally causes harm due to carelessness or lack of awareness. This could be as simple as clicking on a phishing link, misplacing a sensitive document, or sharing confidential information without realizing the consequences. While there’s no ill intent, these mistakes can lead to serious security breaches if not managed properly.
The Accidental Insider
Percentage of Threats by Insider Type
High-Risk Devices
High-risk devices are particularly vulnerable to accidental data leaks when employees use unsecured or unencrypted devices to access company systems.
40-45% involve laptops, with 68% of stolen laptops never recovered.
10-15% stem from misconfigured cloud services.
30% of threats involve mobile devices, often due to lack of encryption or unsecured networks.
[Chart: Vulnerabilities & Security Incidents by Department]
[Chart: Risk Levels & Security Awareness by Employee Tenure]
[Chart: Percentage of Incidents Caused by Mistakes; categories: Phishing Emails, Unsecured Devices, Weak Passwords, Unauthorized Sharing]
For any security-related questions or concerns, please contact: industrial.security@siemensgovt.com
Government Reporting Hotlines:
Defense Hotline, The Pentagon, Washington, DC 20301-1900, 800-424-9098
Department of Energy, Office of the Inspector General, 1000 Independence Ave, SW, Room SD-031, Washington, DC 20585, 800-541-1625 or 202-541-1625
DNI Hotline, Director of National Intelligence, Office of the Inspector General, Washington, DC 20511, 703-482-2651
U.S. Nuclear Regulatory Commission, Office of the Inspector General, Hotline Program, MS 05 E13, 11555 Rockville Pike, Rockville, MD 20852-2738, 1-800-233-3497
Industrial Security:
Yadira Barrios, Senior Facility Security Officer, Yadira.Barrios@siemensgovt.com, (571) 243-5508
Aja Nims, Assistant Facility Security Officer, Aja.Nims@siemensgovt.com, (540) 981-4532
Dina Bouhaouala, Security Administrator, Dina.Bouhaouala@siemensgovt.com, (571) 413-4152
Aziz Hafid, Information Security Officer, Aziz.Hafid@siemensgovt.com, (703) 589-4871
Matthew Madalo, Chief Compliance Officer, Matthew.Madalo@siemensgovt.com, (571) 387-9423
Amy Callahan, Associate Project Manager, Amy.Callahan@siemensgovt.com, (571) 215-2613
SGT Ethics Hotline: (844) 408-0217
50%
Around 50% of insider threats go undetected until serious damage is done. Common indicators include unusual login times, access to unauthorized files, or sudden changes in behavior like disengagement or financial stress. Identifying these early triggers through continuous monitoring and behavioral analysis can help organizations prevent costly breaches.
Rising Costs of Insider Threats: A Growing Challenge for Businesses
The financial impact of insider threats has escalated significantly from 2016 to 2022, driven by increasing complexity, credential theft, and the shift to hybrid work environments.
Seattle Plane Theft (2018)
Richard Russell, an airport employee, stole a Horizon Air Q400 and flew it without authorization, exposing gaps in physical security and insider threat awareness. The incident ended in a fatal crash, raising concerns about insider risk in aviation.
Pentagon Leaks (2023)
Air Guardsman Jack Teixeira leaked classified U.S. intelligence in a gaming chat, revealing Ukraine war details and more. He was arrested, and the incident sparked concerns about insider threats and security processes.
Capital One Data Breach (2019)
A former Amazon Web Services engineer exploited a misconfiguration in Capital One’s Web Application Firewall, leading to the exposure of 106 million customer records, including financial data.
Tesla Data Breach (2023)
Two former Tesla employees leaked confidential internal documents, including personal employee data and production secrets, to a German news outlet. This breach exposed the personal information of 75,000 individuals and sensitive company data.
Ubiquiti Networks Data Theft (2021)
A senior developer at Ubiquiti Networks in Chicago stole gigabytes of confidential data and posed as a hacker demanding 50 bitcoins (around $1.9 million) for the files. The insider was arrested, but not before causing significant reputational and financial damage, with Ubiquiti’s market cap losing $4 billion.
Cash App Data Breach (2022)
A disgruntled former employee of Cash App downloaded the personal data of 8.2 million customers after termination, leading to a significant breach and a class-action lawsuit.
The Third-Party Insider
A person from an external organization (vendor, contractor, or partner) who has authorized access to a company's systems or data but may unintentionally or maliciously cause harm by misusing that access.
Partner Collaboration
Partners may need access to share data or collaborate on projects, but this opens vulnerabilities if their security isn't as robust.
Contractor Access
Contractors are given internal access to complete tasks but may misuse their privileges, either accidentally or intentionally.
Vendor Access
Vendors often need temporary access to company systems. However, they may not follow our organization's strict security protocols.
The Malicious Insider
An individual within an organization who intentionally exploits their access to harm the company through theft, sabotage, or leaking sensitive information for personal, financial, or ideological reasons.
The Path to Data Breach
Recruitment
The insider is often approached or influenced by external actors. They may be motivated by financial gain, personal grievances, or ideological beliefs.
Access Abuse
The insider gains unauthorized access by exploiting trusted relationships or their privileged position.
Exploitation
The insider begins unauthorized actions like data theft, system sabotage, or sharing sensitive information.
Exfiltration
The insider transfers sensitive data outside the organization or carries out damaging acts.
Damage Realized
The organization suffers consequences like data breaches, financial loss, or damaged reputation.