By 
RELATED: Cybersecurity Trends 2024-2025: Ransomware, scams, and anti-piracy wins in Africa
It’s unsettling to consider that someone inside the organisation could cause harm. Maybe it’s a long-trusted employee, a contractor, or even a former team member who still has access. But the truth is, insider threats don’t always stem from malice. Sometimes it’s a careless click. Sometimes it’s stress, resentment, or confusion about what’s allowed and what’s not. And occasionally, yes, it is intentional and destructive.
I believe that addressing insider threats starts with awareness and empathy. We need to understand why people might become risks, not just how. Is someone overworked and making mistakes? Are they feeling undervalued or overlooked? Are they being manipulated by someone outside the organisation? Behaviour often tells a story before any breach occurs.
From a practical standpoint, detection begins with visibility. We have to know what’s happening in our environment. That’s why tools like User Behaviour Analytics (UBA), Data Loss Prevention (DLP), and access controls matter. They help us spot irregular patterns, like someone accessing files they’ve never touched before, downloading large amounts of data, or trying to bypass controls.
But technology alone isn’t enough. I’ve learned that the culture of a company plays a major role. When people feel heard, supported, and respected, they’re less likely to go down a risky path. On the flip side, toxic environments breed silence, and silence breeds threats.
So, what can we do to prevent insider breaches?
- Limit access based on roles. No one should have more access than they need.
- Monitor behaviour, but be transparent about it. People should know that we’re safeguarding the organisation, not watching them out of distrust.
- Train regularly, not just once. Security awareness should be part of everyday work life, not a one-off seminar.
- Encourage a culture of speaking up. If someone sees something off, they should feel safe to report it, without fear.
- And most importantly, build relationships. When leaders genuinely connect with their teams, issues can be spotted and addressed early, before they become breaches.
In the end, insider threat prevention is about trust, but it’s also about verification, clarity, and accountability. It’s about protecting people and data together, not choosing one over the other.
We’re all human. We make mistakes. We get stressed. But when we work together with empathy and vigilance, we can create a security-conscious workplace where everyone plays a part in keeping things safe.
Oladipupo Adeosun, MBA is expert in Enterprise Solution Architecture (IT Security | CyberSecurity | Core IT Infrastructure | Black Box – Penetration Testing
