Despite stunning incident counts, many if not most insider threats remain unreported. Reasons vary but all bloom from the same stem: The victim company’s fear of being harmed again, either by the legal system or law enforcement. But are those fears real and justified, or are they spun from myths? Time to take a look at what actually happens after a company contacts the FBI, formally or informally.
The Scene …
“About three out of every four malicious insider incidents are handled internally, with no legal action or no law enforcement activity taken,” which means “these incidents are significantly underreported,” says Randy Trzeciak, director of the National Insider Threat Center, which is in the CERT division of the Software Engineering Institute at Carnegie Mellon…