ABERDEEN PROVING GROUND, Md. — National Insider Threat Awareness Month, observed each September, is a time for the U.S. government and its agencies to highlight the importance of detecting, deterring, and mitigating insider threats. The initiative aims to educate personnel on behavioral and technical indicators, promote a culture of vigilance, and encourage the reporting of suspicious activity.
The Army’s insider threat programs focus on identifying behavioral and technical indicators that may signal risk. Through training, awareness campaigns, and tools like iWATCH and iSALUTE, the Army encourages personnel to recognize suspicious activity and report it promptly. The goal is to protect sensitive information, maintain operational security, and foster a culture of shared responsibility.
As the Army observes this monthlong campaign, Ryan Perry, currently serving on detail in operations security at U.S. Army Communications-Electronics Command, is emphasizing the evolving nature of insider threats and the need for proactive vigilance across the workforce.
“Insider threats aren’t always malicious,” Perry said. “Sometimes it’s just negligence or poor judgment. That’s why we focus on behaviors and patterns—not individuals.”
Perry, who brings years of military experience in security and emergency management, said insider threat awareness is a shared responsibility.
“Security isn’t just for security personnel,” he said. “Security is everyone’s job.”
Misconceptions and Behavioral Indicators
Perry addressed several common misconceptions, including the belief that insider threats only involve disgruntled employees or espionage.
“A lot of breaches happen because someone clicked a phishing link or mishandled data,” he said. “It’s not always someone trying to sabotage the organization.”
He outlined key behavioral indicators that, when observed as part of a pattern, may signal a potential threat. These include:
- Financial distress
- Unusual interest in sensitive information
- Expressing dissatisfaction or resentment toward supervisors, colleagues, assigned duties, or the chain of command
- Working irregular hours
- Sudden changes in demeanor or behavior
“You know your coworkers,” Perry said. “If something feels off, it’s worth paying attention.” He cautioned that a single behavior isn’t necessarily cause for alarm, but multiple indicators over time should prompt reporting through proper channels.
AI and the New Frontier of Social Engineering
Perry also highlighted the growing role of artificial intelligence in social engineering tactics.
“Deepfakes and AI-generated impersonations are making it harder to detect threats,” he said. “We’ve gone from crude videos to realistic impersonations of senior leaders in just a few years.”
He warned that AI tools can scrape social media and craft highly personalized phishing messages that reference a person’s interests, job role, or colleagues.
“They’re designed to look legitimate,” he said.
To mitigate these risks, Perry recommends using secure, Army-approved platforms such as CamoGPT and A.I. Flow.
“You should never upload sensitive data to public AI tools,” he said. “Even a code snippet can reveal system vulnerabilities.”
Differentiating Disruption from Threats
Not all workplace issues are security concerns, Perry noted.
“Arguments or performance issues aren’t necessarily threats,” he said. “But if someone’s trying to bypass security controls or access data they don’t need, that’s a different story.”
Programs like iWATCH and iSALUTE help distinguish between disruptive behavior and genuine threats. iSALUTE is the Army’s primary reporting system for suspicious activity, while iWATCH encourages community vigilance and awareness.
“Early reporting allows us to intervene before damage is done,” Perry said. “It triggers an impartial investigation. The goal is to find facts and, if needed, offer support—whether that’s retraining or addressing underlying issues.”
The Future of Insider Threat Awareness
Looking ahead, Perry said the insider threat landscape is constantly evolving.
“We’re always looking for the next big thing and tackling emerging challenges,” he said.
He pointed to the proliferation of generative AI as a growing concern, particularly in the creation of phishing emails that reference specific interests, locations, and activities—making them more credible and harder to detect.
Perry emphasized that insider threat awareness must be a continuous effort.
“It’s not a one-time training,” he said. “It’s an ongoing effort to stay ahead of potential threats. By staying informed and vigilant, we can better protect our organization and each other.”
Social Sharing