Insider Threat Awareness Training

A subject moves within the organisation to a different team with the intent to gain access to sensitive data or to circumvent controls or to otherwise contravene internal policies.

A subject leaving the organisation with access to sensitive data with the intent to access and exfiltrate sensitive data or otherwise contravene internal policies.

A subject, driven by excessive pride in their nation, country, or region, undertakes actions that harm an organization. These actions are self-initiated and conducted unilaterally, without instruction or influence from legitimate authorities within their nation, country, region, or any other third party. The subject often perceives their actions as acts of loyalty or as benefiting their homeland.

While the subject may believe they are acting in their nation’s best interest, their actions frequently lack strategic foresight and can result in significant damage to the organization.

An individual or individuals knowingly assist a subject to gain access to devices, systems, or services that hold sensitive information, or otherwise contravene internal policies.

A third party uses deception, exploitation, or other unethical methods to psychologically manipulate a subject over time, with the intent to influence their perceptions, actions, and decisions. This manipulation can lead the subject to, knowingly or unknowingly, act against the organization’s interests.

A subject is extorted by a third party threatening to expose sexual or indecent images connected to them, a tactic commonly referred to as sextortion. These images may be real, obtained by a third party, AI-generated, ‘deep fake’ images resembling the subject, or entirely fabricated claims. The extortion is typically financially motivated, which can drive the subject to harm the organization for personal gain. Alternatively, the third party may coerce the subject into compromising the organization by revealing sensitive information or granting unauthorized access.

A malicious third party gradually builds a relationship with the subject over an extended period, slowly gaining their trust. This trust is then exploited to access sensitive information or systems, often without the knowledge of the subject.

A malicious third party employs romantic interest or seduction as a manipulation tactic. Through emotional and psychological engagement, the third party persuades the subject to reveal confidential information, grant access to restricted resources, or carry out actions detrimental to the organization.

A subject’s emotional state is exploited by a malicious third party, particularly during periods of heightened stress, grief, or personal hardship. The third party leverages this vulnerability to manipulate the subject into revealing sensitive information or performing actions that could compromise the organization.

A subject facing financial difficulties attempts to resolve their situation by exploiting their access to or knowledge of the organization. This may involve selling access or information to a third party or conspiring with others to cause harm to the organization for financial gain.

A third party uses threats or intimidation to demand that a subject divulge information, grant access to devices or systems, or otherwise cause harm or undermine a target organization.

A third party deceptively manipulates and/or persuades a subject to divulge information, or gain access to devices or systems, or to otherwise cause harm or undermine a target organization.