Viewing the possible threats or assaults on principals from the outside is only viewing the glass as half-empty. Granted, outside manmade threat objectives such as but not limited to political, religious, or even intellectual disability, all pose potential hazards to the wellbeing of the principal(s). However, examining a possible or suspected insider threat to the principal should not be dismissed.
The vantage point perceived by those outside the executive protection, risk, and security sector, which includes most of the public and even some of the principals, is that threats or proposed harm/attacks work from the outside in. No matter how trivial it may appear, executive protection agents and security personnel should remember, who knows the routines of the principal(s) better than those who make direct or indirect contact with him/her/them?
Negligence
This form of insider threat is often dismissed as accidental; however, should not be dismissed as such. Principals are human and require the same necessities and resources as bystanders on the street. Meals, accommodations, and transportation, all provide a service. With proprietary positions becoming more sparce and contracted/vendor services more prominent, many individuals will come in direct and indirect contact with variables of the principal’s routine. For instance, what if the principal has a food allergy and that information has not been passed on to a vendor preparing the principal’s meal, or electrical work is being done in the vicinity of the C-Suite during an annual meeting, which cuts off power to the floor? These types of scenarios must be pre-planned months in advance and depending on the executive protection detail. This is where clear, concise, and constant communication comes in.
Complacent
Complacent insider threats involve those directly or indirectly involved with the principal(s), taking protocols too lightly or, for lack of a better word, not caring. This can include but is not limited to:
- Leaving sensitive information out and available.
- Lending or swiping someone through a turnstile.
- Noticing an entry point or broken protective circle and procrastinating its repair.
The list of examples is as long as the specifications fit the principal and his/her/their organization’s expectations. Furthermore, this can increase if there is high turnover or inadequate compliance audits and training. Much like negligent insider threats, complacent insider threats can be mitigated through training, communication, and audits. Pride also plays a role in too much complacency. This may come in the form of a security detail hosting the same principal year after year at the same venue, without researching the current threat landscape or familiarization with the principal’s organizational enterprise risk management (ERM) or enterprise security risk management (ESRM) structure.
Malicious
Finally, this form of insider threat is the most mitigated because of the knowledge that the insider with malicious intent possesses. An insider threat attack can cripple anything from critical infrastructure to an organization’s reputation. What lies behind the objective can range from personal profit to a disgruntled current or former employee. Numerous countermeasures may be set up to combat this; however, one of the biggest mitigators is background checks and monitoring of red flags flown by those who may be considered a threat to the organization.
Final Thoughts on Insider Threat to the Principal
Regardless of the objective or intent, insider threats are very prominent and can alter or harm the well-being of a principal(s) and the executive protection team. Operational intelligence and advance screens help combat the probability of an insider threat attack becoming a reality. Negligence and complacency are an unacceptable issue that must be kept at bay.
Training, training, and more training, for spotting such behavior or that which might rear its head into the malicious realm is paramount. Moreover, resources and even those who are members of the principals’ organization must not only abide by the security protocols in the locations that the principal inhabits, as well as in locations representing the organization but also proactively identify red flags that may morph into an insider threat attack.
