National Insider Threat Awareness Month Quotes and Commentary from Industry Experts in 2025

For National Insider Threat Awareness Month 2025, the editors at Solutions Review have compiled a list of comments from some of the leading industry experts.

As part of this year’s National Insider Threat Awareness Month, we called for the industry’s best and brightest in Identity and Access Management and the broader cybersecurity market to share best practices, predictions, and personal anecdotes. The experts featured represent some of the top influencers, consultants, and solution providers with experience in these marketplaces, and each quote has been vetted for relevance and ability to add business value.

National Insider Threat Awareness Month Quotes from Industry Experts in 2025

Jake Bell, Engineer Team Lead at Object First

“This National Insider Threat Awareness month is a reminder that one of the biggest risks to an organization’s data often can come from within the company. Whether through malicious intent or simple human error, insiders can inadvertently open the door to catastrophic breaches. The most dangerous mindset for any organization is believing ‘it won’t happen to us.’ In today’s threat landscape, leaders must operate under the assumption that a breach is inevitable. This means that secure, tested, and adaptable backup strategies are a non-negotiable.

“This month, IT teams should ensure Zero Trust Disaster Resilience (ZTDR) practices are incorporated into their storage infrastructure. With ZTDR, admins can truly harden their data protection architectures by segmenting backup software and storage, creating resilience zones, and leveraging immutable backups as the final line of defense when attackers slip past defenses. Whether through shadow IT, evolving AI tools, or the click of an unsuspecting employee, with immutable backups and ZTDR principles in place, organizations ensure recovery remains possible even in worst-case insider threat scenarios. Awareness is important, but resilience is essential.”

Patrick Harding, Chief Architect at Ping Identity

“Insider threats have long been a security risk for organizations, but the attack surface is expanding into new territory: AI agents can now act like internal users with their own access and behavior patterns. With 79 percent of senior executives reporting that AI agents are already being adopted in their companies, we’re facing a very stark reality where determining human behavior from bot behavior might be the difference between securing your organization and falling victim to a nefarious attacker.

“Whether it’s a malicious insider, a negligent employee, or an ungoverned AI agent behaving unexpectedly, the fallout from insider threats can be disastrous and long-lasting. That’s why early detection, including identifying unusual patterns like unexpected login attempts or unusual data access, is critical. However, detection alone isn’t enough. Real‑time risk assessment is essential to immediately identify and prioritize the most urgent threats. Finally, decisive actions, including escalating to security operations or enforcing stricter policies, must follow. This month is an important reminder to recognize that every identity, human or AI, needs to be treated with the same level of caution and verification.”

Pete Luban, Field CISO at AttackIQ

“Insider threats, whether from disgruntled employees or compromised credentials, are challenging to detect and prevent with traditional security measures. Insider Awareness Month serves as a reminder to security teams about the importance of simulating real-world insider attack scenarios to assess the effectiveness of their security controls and response protocols.

“Recent spikes in shadow AI usage and a lack of proper cyber hygiene increase the likelihood of insider threats. Using unauthorized tools or platforms can unknowingly expose sensitive data or create exploitable vulnerabilities, as well as poor security practices, like maintaining outdated software or weak passwords.

“By integrating techniques, such as adversarial emulation, into the security lifecycle, organizations can uncover gaps in their detection and mitigation strategies before a real attack occurs. Simulated, continuous testing can ensure that security teams can mitigate attacks before insider threats sidestep defenses and steal valuable company data.”

Joshua Roback, Principal Security Solution Architect at Swimlane

“Insider threats have always been one of the hardest challenges for security teams because they originate from people with legitimate access. Unlike external adversaries, they don’t have to find a way in. They already have the keys. That makes their actions harder to spot and far more damaging when they turn malicious or careless.

“It’s up to organizations to ensure their security systems are well-protected, starting with determining who has access to which systems. Poorly managed access controls can create an environment for insider threats to sprout and thrive. Implementing a mature identity access management solution is the most powerful weapon in mitigating insider threat risks. User behavioural analytics (UBA) can provide proactive detection of anomalous user behaviors, giving security teams a leg up against unannounced attackers.

“The rise of insider threats has resulted in the development of security measures that can ensure that threats are monitored, analyzed, and neutralized before they escalate into catastrophic breaches. Building resilience has required organizations to combine continuous monitoring, automated response, and a strong security culture to reduce the window of opportunity for insider abuse.”

Bojan Simic, Co-Founder and CEO at HYPR

September marks Insider Threat Awareness Month, and this year’s theme, ‘Partnering for Progress,’ cuts to the core of what’s failing in enterprise security today.

“Insider threat mitigation is not an isolated security problem. It’s a company-wide imperative—and it starts with identity. Whether posed by a malicious actor or an employee simply making a user error, insider threats consistently compromise organizations by exploiting gaps in how users are verified at sign-in and throughout a session.

“Identity is rightly regarded as the new perimeter, yet it remains one of the most vulnerable points of access. This is because static credentials, one-time authentication, and siloed access controls leave too much room for misuse. Most systems validate an identity once and then blindly assume that risk has been mitigated. It hasn’t.

“But technology is only half the battle. True ‘Partnering for Progress’ means aligning IT, security, HR, and compliance. Without identity assurance embedded across these functions, insider threats will inevitably slip through. The companies that are preventing breaches are not just reacting to threats; they are proactively integrating identity into every strategic decision. They are the ones who are building a resilient, security-first culture from the inside out.”

Aditya Sood, VP of Security Engineering and AI Strategy at Aryaka

“Insider Threat Awareness Month is a critical initiative for raising awareness about the unique security risks posed by internal actors. There have been several examples of insider threats wreaking havoc on major corporations, with Elon Musk’s X being the most prominent recent example.

“A malicious insider is a significant cybersecurity risk, as such individuals can steal intellectual property, exfiltrate confidential information, sabotage systems, or manipulate business operations for personal gain or in collusion with outside threats. The impact can range from financial losses and reputational damage to regulatory penalties and national security risks.

“Awareness about malicious insider activities is crucial because employees and stakeholders must understand the importance of safeguarding credentials and the necessity of reporting suspicious activity. By teaching employees to recognize the signs of suspicious behavior and reinforcing the importance of strict access controls and reporting protocols, organizations can transform their entire workforce into a crucial line of defense against internal threats. Employees’ role in this is not just important: it’s indispensable. They are the first line of defense, and their commitment to this cause will keep organizations secure.”

Steve Wilson, Chief AI and Product Officer at Exabeam

“The danger from insider threats continues to grow in the modern cyber landscape, particularly as AI accelerates their speed, stealth, and sophistication. With 64 percent of cybersecurity professionals now viewing insiders as a greater risk than external actors, Insider Threat Awareness Month is a critical opportunity to emphasize proactive defense strategies.

“While 88 percent of organizations have insider threat programs, many lack behavioral analytics needed to detect AI-enhanced attacks that exploit trusted access and mimic legitimate user behavior. As threats intensify across sectors like government, healthcare, and manufacturing, this initiative provides an opportunity to call for stronger governance, cross-functional collaboration, and real-time detection capabilities to stay ahead of both human and AI-driven insider risks.”

Mark Wojtasiak, VP of Product Research and Strategy at Vectra AI

“Insider Threat Awareness Month is a reminder that the challenge isn’t just at the perimeter; it’s inside organizations, where identities, networks, and everyday user behavior are constantly at play. Security teams are inundated with thousands of alerts daily, yet only a small fraction represent real threats. This noise leaves many analysts unable to review more than a third of alerts, and the fear of missing an attack is a weekly reality for most SOC professionals. Ultimately, this noise drowns out the signal that matters most—the activity rooted in how identities are used and how they traverse the network.

“Compounding this, recent industry research shows that insider threats, particularly non-privileged users whose accounts are compromised or misused, are now the most prevalent attacker profile. Nearly two out of five prioritized threats are tied to insider behaviors. The reality is that user and identity misuse is inevitable in today’s complex networks and environments. That’s why security leaders need to focus on detection and response strategies that look beyond the perimeter and zero in on how accounts, identities, networks, and data are actually being used. Reducing noise while elevating the signal that matters most is critical to empowering SOC teams to catch what could otherwise slip through the cracks.”

Want more insights like these? Register for Insight Jam, Solutions Review’s enterprise tech community, which enables human conversation on AI. You can gain access for free here!