The Weekly Breach Breakdown Podcast: Finding NIMO – The Hidden Identity Threats Inside Your Organization - S6E35

Show Transcript

Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for November 14, 2025. I’m Tim Walden, and thanks to SentiLink for their support of the podcast and the ITRC. Each week, we look at the most recent events and trends related to data security and privacy. This week, we’re talking about something that rarely makes headlines but is often a damaging form of identity and data crime: hidden identity and insider threats.

A new analysis by cybersecurity researcher Michael Robinson examined over a thousand real-world insider threat cases from U.S. court records. The findings reveal some uncomfortable truths about who the bad actors are, how they operate and why organizations often fail to recognize them.

When we think about cybercrime, we often imagine external “hackers” breaking into our systems. However, Robinson’s data shows that in many cases, the person behind the keyboard already belongs there. Often, it is an employee, executive or contractor with legitimate access who decides to misuse it.

One in four of the insiders he studied were high-level executives: vice presidents, presidents and even C-suite leaders. Another 20 percent were top-performing employees who’d earned promotions and trust. These weren’t disgruntled workers on their way out; they were ambitious professionals who saw opportunity and exploited it.

The danger of hidden identity threats doesn’t always end when an employee leaves. More than half of the insiders in these cases quit voluntarily, but came back to do harm later. Why? Because many organizations don’t fully close off access. Former employees may still have logins to cloud tools, shared drives or remote systems.

Robinson’s research also uncovered growing sophistication in how insiders steal data. Many use multiple methods such as emailing files, saving them to USB drives or even snapping photos of the screen. In nearly a third of cases, insiders worked in pairs or small groups, spreading out their activities so that detection systems would miss them.

All of this points to a bigger issue, what Robinson calls the “NIMO” mindset: Not In My Organization. Many companies mistakenly believe they’re immune because they trust their employees or security tools. But optimism isn’t a defense strategy.

So what can you do to reduce hidden identity risk?

For organizations: limit unnecessary access, shorten offboarding timelines and keep system logs longer so you can spot long-term misuse. For individuals: be cautious about the permissions you grant when leaving a job, and watch for signs of misuse of your old credentials, such as unusual activity or notifications tied to former employers.

Identity crime doesn’t always come from the outside. Sometimes it starts within, quietly, carefully and undetected until the damage is done. Awareness is the first step toward prevention.

If you want to know more about how to protect your business or personal information, learn more hidden risks of identity crime or think you have been the victim of identity theft, fraud or a scam, you can speak with an expert ITRC advisor on the phone, via text message, chat live on the web or exchange emails during our normal business hours (Monday-Friday, 6 a.m.-5 p.m. PST). Just visit www.idtheftcenter.org to get started.

Thanks again to Sentilink for their support of the ITRC and this podcast. Please hit the like button for this episode and subscribe wherever you listen to your podcasts. We will return next week with another episode of the Weekly Breach Breakdown. I’m Tim Walden. Until then, thanks for listening.