Last Sunday, Tesla CEO Elon Musk sent an all-employee email to Tesla employees revealing that the company was the victim of insider sabotage. Musk indicated that the saboteur made changes to Tesla’s manufacturing operating system using fake usernames and exported a large volume of sensitive internal data to third parties. In his email, Musk revealed that the employee didn’t receive a promotion that he believed he deserved. Musk also discussed third parties, including competitors and Wall Street traders that he believes want to harm Tesla.

What Musk describes is the perfect storm for insider threat: a disgruntled employee, motivated competitors, and outside financial interests. When an employee is reprimanded or denied a promotion, they may act out as the Tesla employee did. It’s difficult, or even impossible, to closely monitor all employees in an enterprise, but special attention must be paid to insiders who display early indicators that they may lash out against the company.

Motivators behind insider threat include:

• Financial distress — monetary gain to address financial problems
• Disgruntled employee — unhappy employee looking to get back at the employer
• Entitlement — belief that they have a right to use sensitive data for their own purposes
• Job insecurity — fear of layoff
• Revenge — feeling mistreated by a manager or employer
• Work conflict — disagreements with coworkers
• Ideology — political or religious beliefs
• Outside influence — motivation from third parties

When insiders — employees, contractors, or partners — exhibit signs of dissatisfaction or deal with a workplace event such as being turned down for a promotion, receiving a negative performance review, or turning in their notice, companies need to pay special attention to them. Not every disgruntled employee will act out like the Tesla employee, but a percentage of them will.

It’s imperative that companies have an insider threat program that monitors employee behavior, especially those with administrative privileges, and detects problems before they impact the business. We cover the 10 steps for establishing an insider threat function in Forrester’s report “Best Practices: Mitigating Insider Threats.”