Advancing Corporate Security with Risk Intelligence Against Insider Threats

Advancing corporate security with strategic risk intelligence

In today’s rapidly evolving corporate landscape, the traditional methods of security are often not enough to address the growing and complex threats organizations may face. Among these threats, insider threats have emerged as a major concern. To help effectively combat this, companies must adopt more advanced strategies—risk intelligence. Michael Evans, Director of Securitas Risk Intelligence Center, offers valuable insights into how organizations can use this approach to help safeguard against insider threats.

Insider threats and why they matter

Insider threats have become an increasingly critical concern for organizations, and understanding their nature is key to helping mitigate risks. According to Michael Evans, an insider threat involves any individual or group who, whether intentionally or unintentionally, misuses their access or knowledge in a way that causes harm to the organization. This threat can originate from employees, contractors, suppliers, or even visitors, and can include fraud, theft of assets or information, sabotage, and workplace violence.

Evans further clarifies the difference between "threat" and "risk," which is often muddled in the security industry. A threat refers to the event or occurrence of potentially causing harm—like an insider threat—while risk is the business implication of that threat. For example, a threat, such as an employee with access to sensitive data, could pose a risk of data leakage to a business if they were to accidentally share sensitive information with an unauthorized person, leading to financial, brand and reputational impacts. Organizations need to both mitigate the threat itself and manage the associated risk, in addition to identifying and addressing vulnerabilities, which are the gaps in an organizations’ armor that protect its assets.

Challenges in helping detect and manage insider threats

The primary challenge in managing insider threats is that the threat actors are already inside the organization, as opposed to an external threat actor which needs to get ‘inside’ before it can act. As Evans explains, insiders have access to, and knowledge of an organization’s systems, ways of working, and assets, including to the ‘crown jewels’ of an organization, whether that is a physical product, intellectual property, or other people. Unlike outsider threats, insiders can more easily carry out malicious actions without drawing immediate attention. This makes them harder to detect, especially since their initial entry has been ‘granted’, and often cases without any cause for concern as they have legitimate reason to ‘enter’ the organization. The insider may, however, later develop motivations to misuse their access—be it for personal gain, political reasons, or because of other external influences, such as in response to world events, or because another threat actor has incited them to act.

The Securitas USA approach to managing insider threats focuses on proactive monitoring and risk intelligence to develop robust insider threat management programs, which helps identify, detect, and respond to insider threats. Evans highlights how a blend of screening during the initial entry process and ongoing monitoring can help identify potential threats before they become risks and have resulting impacts. This is especially important as threats evolve over time, and what was initially a harmless employee can later become a potential threat due to changing circumstances.

The role of risk intelligence in insider threat management

Integrating risk intelligence into a broader security strategy is important for organizations looking to proactively address insider threats. As Evans points out, organizations can only respond to threats they are aware of. Risk intelligence provides critical foresight, helping organizations understand what's happening in the world around them and how it may impact their specific operations. For example, geopolitical tensions, employee grievances, or industry developments have repercussions on an organization that might not seem immediately apparent.

For insider threats, risk intelligence offers a competitive advantage by helping to identify threats and vulnerabilities before they are exploited. It allows organizations to anticipate potential problems and decide on effective mitigations—whether through additional screening, or surveillance.

Securitas unique approach to insider threat detection

At Securitas USA, we have developed a comprehensive and tailored approach to insider threat detection through our Risk Intelligence Center (RIC). Evans explains that Securitas USA differentiates itself by offering organization-specific intelligence. While many intelligence vendors focus on providing alerts for incidents that are happening ‘nearby’ their geographic locations, Securitas USA monitors for organization specific intelligence, such as mentions of key company executives, brands, and supply chains concerns.

To do this, we leverage a combination of open-source intelligence (OSINT) as well as human intelligence (HUMINT) from a global network of over 300,000 employees worldwide. This diverse team helps provide advanced situational awareness, real-time intelligence collection, and early warnings of emerging threats. Intelligence can be directly integrated into client operations, helping on-the-ground teams to act swiftly and decisively in the face of emerging threats. Our on-the-ground teams are equipped to help prevent threats before and as they happen, backed by our range of protective services. Learn more about our services here.

“While there is a boom in AI right now, and we do use technology and digital platforms to give us the speed, scale, and scope to deliver on our customer requirements 24/7, 365... we also leverage heavily on the human analyst... everything we produce comes through a human and it's the humans in the team, both from their professional and personal backgrounds, that provide us with the highest quality of finish intelligence,” said Evans.

Looking ahead: insider threats in 2025

The landscape of insider threats is evolving rapidly, and Evans assesses that in 2025, organizations will face a significantly different threat landscape. With shifting dynamics and technological advancements, insider threats will take on new forms, influenced by global events, particularly a rise in ideologically motivated threat actors, an increase in workplace violence related threats, and the use of emerging technologies that have not been deployed securely. Evans predicts that understanding these emerging threats and their associated risks will be critical for organizations looking to stay ahead of the curve in helping to protect their most valuable assets.

For your security operations, the takeaway is clear: turning insights into action is the key to staying ahead of insider threats. It’s time to embrace a more proactive and intelligent security strategy that helps transform potential risks into opportunities for stronger, safer organizations. Explore how our Risk Intelligence can help support your security strategy.