Insider Threats During Times of Conflicts

As organisations strive for diversity and inclusion across their employee groups, we must not lose sight of the fact that groups of employees are still individuals with their own beliefs, identities, and affiliations. As tensions continue to rise in the geopolitical world, cybersecurity professionals must be hawk-eyed for the emergence of new insider threats.

First Published 29th March 2022  |  Latest Refresh 20th March 2023

Insider Threats During Global Conflicts

Object Classification: Developer 0.693, Insider Threat 0.276, Chance to talk about Agile 0.997

5 min read  |  Reflare Research Team

Humans are good people

Some would argue that the human race is the most intelligent species on earth. However, despite this assumed intellect, others would argue that our tribal nature, obsession with the material, and occasional misuse of influence have run counter to all we humans could achieve.

But things are not all gloom and doom. We've actually done OK.

In historical terms, we have strived (with the odd bump along the way) to expand our 'tolerant & understanding' towards each other. As the saying goes, we humans have more similarities than differences. In more recent history, the accessibility of international travel, cross-language communication, and the collective accumulation of worldly knowledge have all taught us the benefits of universal cooperation on not just a local, regional, or national level, but on a truly interconnected global system.

Today, we see the positive impacts of this everywhere. For example, if you have ever visited Google’s office in Zurich, you would be unsurprised to find not just Swiss working in their buildings, but a large number of people from all over the world. The fact that we are able to get so many people with diverse backgrounds, experiences, and capabilities working in the same building is a representation of our collective progress and a sign of our times. 


If you have ever studied Economics 101, you may recall lesson one, sentence one - "Humans are not rational players".

As social and geopolitical tensions increase, so do the tensions within diverse groups. We are emotional beings first, and no matter how tolerant we think we are, there is rarely not a red line that once crossed, will start to tug us back towards our more primitive instincts. And we are starting to see this play out in organisational employee groups across many departments, in many industry sectors, in many countries.

Depending on an individual's disposition, perspective, and beliefs, some who may have otherwise been happy to openly collaborate with their colleagues may now find themselves unable to participate even in the most basic of water-cooler small talk. 

From a cybersecurity viewpoint, this risk cannot go unaddressed.

Which brings us to the subject of insider threats.

The kaleidoscope of trust

Insider threats are a topic that many leaders find difficult to discuss openly. After all, most, if not all of us do not want to work in an environment where our leaders declare scepticism of their employees, or where we proactively foster a culture of mistrust towards our colleagues... just because we are different. The idea that 'one of us' may proactively plan to hurt our organisation, or potentially take steps to deliberately put us at risk is not only counterintuitive to the camaraderie of working groups, but is also quite frankly – disturbing.

But regardless of how disturbed we may or may not be, cybersecurity professionals must now start to increase their alertness to the real possibility of emerging insider threats.

In general, there are three types of insider threats:

-   Malicious insiders

-   Negligent insiders

-   Infiltrators

Malicious Insiders

Malicious insiders are people who take advantage of their access to inflict harm on an organisation. A great example of an insider is Edward Snowden.

Edward Snowden was a contractor to the CIA in 2013 when he copied and released thousands of classified documents relating to secret and controversial government surveillance activities in the US and abroad before fleeing the country.

According to Snowden, he did it because he considered himself a patriot and he wanted to try and stop the violations of the US Constitution – something which many disagreed with and instead described him as a traitor.

Whatever Snowden thought of himself and whether people would agree with it is beside the point. The key here is that – he was a trusted person within the organisation and had access to some extremely sensitive documents.

Negligent Insiders

The first casualty of war is truth.

When a war breaks out and the fog of conflict starts to grow, propaganda machines start to kick in. As a result, information is often presented with one-sided news stories, and those amongst us who refuse to buy whatever narrative is given to us would scour the internet for alternative views.

This is when things can get dangerous because both state actors and cyber-criminals know that people who are desperate for information are very likely to put themselves at risk or disregard their security policies in order to get what they want, such as visiting harmful websites or installing software that they believe would help to bypass their government or organisation internet restrictions.

People who disregard policies and put their organisations at risk are categorised as negligent insiders.

Since the beginning of the Russian invasion of Ukraine and the associated cyber-attacks against a wide range of targets, the concept of strong cyber resilience has become the buzzword of the time. 


The least common but also the most dangerous threat to an organisation are the infiltrators. Infiltrators are external impostors who manage to obtain legitimate access to an organisation through, for example, social engineering.

Once inside the organisation, the infiltrators would try to gain access to sensitive documents or credentials that would further elevate their privilege without raising suspicion.

Infiltrators could be inside an organisation for a long time and may not perform malicious actions until they are activated.

These days wars are no longer limited to kinetic military actions but also economic sanctions and cyber warfare. For that reason, it is crucial for organisations to strengthen their defence especially when there is a conflict.

Following are some of the steps that can be taken to minimise the risk of insider threats:

1)   Log, monitor, and audit employees' online activities so that any risky or suspicious behaviours can be discovered or detected quickly.

2)   Immediately deactivate access following employee contract termination regardless of the circumstances.

3)   Actively defend against malicious code by only allowing the installation of trusted software and restricting access to potentially harmful websites.

4)   Make access compromise harder by enabling multi-factor authentication.

5)   Monitor and respond to disruptive behaviour at work including signs of disgruntlement.

6)   Restrict access to sensitive documents, systems, and infrastructures so that only those who need access to them to perform their duty.

If we were to be so bold as to suggest a seventh step, it would be to stay up-to-speed on the latest cybersecurity trends and analysis with your subscription to our research newsletter. 

Additionally, you could explore some of our related articles to learn more.

Subscribe by email