ITM is an open framework - Submit your contributions now.

Insider Threat Matrix™

  • ID: MT005
  • Created: 22nd May 2024
  • Updated: 21st July 2024
  • Contributor: The ITM Team

Personal Gain

A subject seeks personal gain from another by accessing and exfiltrating or destroying sensitive data or otherwise contravening internal policies.

Subsections

ID Name Description
MT005.002Corporate Espionage

A third party private organization deploys an individual to a target organization to covertly steal confidential or classified information or gain strategic access for its own benefit.

MT005.003Financial Desperation

A subject facing financial difficulties attempts to resolve their situation by exploiting their access to or knowledge of the organization. This may involve selling access or information to a third party or conspiring with others to cause harm to the organization for financial gain.

MT005.001Speculative Corporate Espionage

A subject covertly collects confidential or classified information, or gains access, with the intent to sell it to a third party private organization.

Prevention

ID Name Description
PV022Internal Whistleblowing

Provide a process for all staff members to report concerning and/or suspicious behaviour to the organization's security team for review. An internal whistleblowing process should take into consideration the privacy of the reporter and the subject(s) of the report, with specific regard to safeguarding against reprisals against reporters.

PV013Pre-Employment Background Checks

Background checks should be conducted to ensure whether the information provided by the candidate during the interview process is truthful. This could include employment and educational reference checks, and a criminal background check. Background checks can highlight specific risks, such as a potential for extortion.