In more general terms, a whistleblower exposes alleged misconduct or dishonesty, or illegal activity occurring within an organization. The alleged misconduct includes the violation of a law, rule, regulation and/or a direct threat to public interest, such as fraud, health and safety violations, and corruption.
The history of whistleblowing in the United States is almost as old as the country itself. The first case dates back to 1777 when Samuel Shaw and Richard Marven blew the whistle on the torturing of British prisoners of war. As a consequence, the Continental Congress enacted the whistleblower protection law on July 30, 1778, by a unanimous vote and dismissed the responsible commander-in-chief of the Continental Navy. A modern version of this protection law is in place today, including special versions for employees in intelligence services.
Not all exposures of information by insiders need to be external; some recent revelations about illegal expense practices show that internal investigations are possible without any (bad) consequences for the whistleblower. Are insiders that blow the whistle externally sacrificing themselves for the sake of people and a better society? Or are they following their own hidden agenda to harm organizations for their own benefit?
There is no clear answer to these questions, as it will depend on the case at hand. Insiders are by definition employees or contractors that have entered a relationship of trust with the organization for which they work. Trust here means that, by entering into a work relationship with the organization, the insiders agree to abide by the rules and obligations that come with the position.
However, this relationship of trust does not, and should not, include alleged dishonest, unethical or illegal activity occurring in the organization. The insider must obey laws and hold to ethical practices, even in spite of his or her trusted relationship with the organization. But when it comes to internal processes and decision-making inside an organization, who decides what is ethical or even legal?
In light of revelations and leaks of information, the judgment of behavior inside an organization as “right or wrong” is ultimately left to the insider. He or she will subjectively decide whether the perceived wrongdoing of the organization outweighs the obligations of a trusted relationship with the organization, and whether he or she is willing to accept the possible consequences of leaking information externally. It’s an individual judgment call without checks and balances, which can result in positive outcomes to society and people, or not.
While cases of whistleblowers such as Snowden or Manning have dominated the news, less light has been shed on insiders that do harm to their organization, either for their own personal gain, out of pure disgruntlement, or by simple neglect. The overwhelming majority of insider threat cases reported by CERT are in these categories and inflict enormous damage on government organizations and companies every year in the United States and worldwide. According to a recent warning issued by the FBI and the Department of Homeland Security, these kinds of insider threat cases are on the rise in recent months and “pose a significant cyber security threat to US businesses.” One incident can further incur costs of up to $3 million, according to recent FBI cases.
The following posts of this blog series aim to decode these insider threat cases, their impact and costs, and to discuss ways to prevent, detect and mitigate them.