Font Size: A A A

Home > Reviews > Insider Threat

Insider Threat

Author Michael G Gelles

ISBN No 9780128024102

Review date 19/06/2019

No of pages 252

Publisher Butterworth-Heinemann

Publisher URL

Year of publication 01/08/2016


Insider Threat: Prevention, Detection, Mitigation, and Deterrence by Michael G Gelles. Published 2016 by Butterworth-Heinemann. ISBN: 9780128024102, 252 pages, print price £26.34. Visit

Our Review


£ 26.34

As you might imagine, an American book on the insider threat does not take long before it mentions Edward Snowden.

As Michael G Gelles says at the beginning of his Insider Threat: Prevention, Detection, Mitigation, and Deterrence, the insider threat is ‘not a new phenomenon’. Why does a trusted employee do sabotage, or espionage? As Gelles sets out, the greatest risk comes not from the external spy, but from that employee who’s already got the physical or digital keys (although we might add that the insider might need to connect with the outside spy agency or someone who’s paying or corrupting him; again, whether physically or digitally). That we know all that and America has the examples from history to prove it - the leaking of atom bomb secrets to the Russians, any number of corporate cases - does not, evidently, make the threat any easier to detect.

For one thing, that’s because as Gelles points out ‘there is no psychologial or demographic profile for an insider threat’. The treachery - betrayal, however you like to put it - does not happen on impulse. Rather, Gelles suggests a pattern of malice from the insider - who ‘gets an idea, ruminates, and then begins testing if the idea can be executed’. So there are ‘red flags’; no single motive, but the employee may feel a sense of entitlement. Intriguingly, the author suggests this applies to the younger generation of tech types, if they develop a product; they feel they own it.

Much of Gelles’ advice is sound for security and indeed life in general; trust but verify (as President Reagan put it); look for precursors (those red flags - but then you have to be open to whistle-blowing from other employees, and do something about it, and not just anything but the right thing); connect the dots (a smart one, this, learning what processes or policies are poor, to improve them so other employees don’t take advantage of weaknesses the same). And set expectations - let the workforce know what they can and ought not to do, for instance what’s acceptable use of social media. Gelles in a readable style sets out that taking on the insider threat takes in every facet of security and risk management, from recruitment and IT (such as removal media, which let’s remember Snowden used, making the physical taking away of data so much easier than in the days of paper - to leave the book for a minute, remember the tension in the 2011 film Tinker Tailor Soldier Spy of the crucial log book from the archive; how much easier it’d be with a memory stick, although that would not make such good cinema!?).

Gelles is as sure-footed when he writes of what to do, as what the threat is, even taking on such thorny issues for security management and indeed the service sector in general as how to measure return on investment. He offers several suggestions, such as number of cases opened. It’s noteworthy that here he points to the Holistic Management of Employee Risk (HoMER), from the official UK Centre for the Protection of National Infrastructure (CPNI) - While someone has to be captain of the ‘insider threat team’, it takes in more than security - such as human resources and legal, as Gelles wisely points out. Unlike some writers and security people who unwisely stress how insecure everything is and how it has to be made secure - which frankly cuts little ice in business for long, or often - the author thinks in terms of risk management, and devotes a chapter to ‘establishing an organisational risk appetite’, including case studies. As he writes at the very end, risk will never be zero; ‘the key is to find the most efficient and effective way to manage residual risk’.

Gelles winds up with a look at ‘what the future holds’ and makes the point that as workplaces change, so we are seeing ‘a secondary layer of insiders’ - contractors or sub-contractors who have access, but maybe not the same loyalty to the employer (think Snowden and the NSA again?). In other words, the very definition of an ‘insider’ may be changing. Nor do employees have to be malicious to pose a threat; their complacency can be as damaging.

Overall, a most assured and readable book that is, rightly, as at home in the cyber world (and Big Data) as in the physical. Whatever your branch or field of security, or your background or seniority, this book is of use and interest - unless your organisation doesn’t suffer from an insider threat. In that case, is the work of your organisation up to much, and not worth stealing or leaking?!