Insider threats pose significant risks to organizations, particularly in cybersecurity, where individuals with authorized access can misuse their privileges to cause data breaches, financial losses, or operational disruptions. This study explores the vulnerabilities within NamPost’s organizational structure that could be exploited by insider threats, aiming to develop a tailored detection and prevention model. A qualitative research approach was employed, involving semi-structured interviews with 10 participants from NamPost’s ICT department. The findings reveal that high stress, job dissatisfaction, inadequate access controls, and insufficient employee training contribute to insider threats. Participants emphasized the need to foster a supportive organizational culture and implement robust access control measures to mitigate risks. This article discusses these findings, situates them within broader literature, and provides actionable recommendations to strengthen NamPost’s resilience against insider threats.
Cite this paper
Waiganjo, I. N. and Nandjenda, L. S. (2025). Unveiling Insider Threats: Examining Vulnerabilities in an Organizational?Structure: A Case Study of NamPost. Open Access Library Journal, 12, e2797. doi: http://dx.doi.org/10.4236/oalib.1112797.
Cappelli, D.M., Moore, A.P. and Trzeciak, R.F. (2020) The CERT Guide to Insider Threats: How to Prevent, Detect, and Re-spond to Information Technology Crimes. 2nd Edition, Addison-Wesley Professional.
Nassir, N.F.M., Rauf, U.F.A., Zainol, Z. and Ghani, K.A. (2024). Revealing the Multi-Perspective Factors Behind Insider Threats in Cybersecurity. Journal of Media and Information Warfare, 17, 65-82.
Homoliak, I., Toffalini, F., Guarnizo, J., Elovici, Y. and Ochoa, M. (2019) Insight into Insiders and It. ACM Computing Surveys, 52, 1-40. https://doi.org/10.1145/3303771
Greitzer, F.L., Strozer, J.R., Cohen, S.L., Moore, A.P., Mundie, D. and Cowley, J. (2019) Analysis of Internal and External Threat Awareness in Organizational Cybersecurity. Cybersecurity Studies Quarterly, 11, 118-135.
Inayat, U., Farzan, M., Mahmood, S., Zia, M.F., Hussain, S. and Pallonetto, F. (2024) Insid-er Threat Mitigation: Systematic Literature Review. Ain Shams Engineering Journal, 15, Article 103068. https://doi.org/10.1016/j.asej.2024.103068
Kim, A., Oh, J., Ryu, J. and Lee, K. (2020) A Review of Insider Threat Detection Approaches with IoT Perspective. IEEE Access, 8, 78847-78867. https://doi.org/10.1109/access.2020.2990195
Naeem, M., Ozuem, W., Howell, K. and Ranfagni, S. (2024) Demysti-fication and Actualisation of Data Saturation in Qualitative Research through Thematic Analysis. International Journal of Qualitative Methods, 23, Article 16094069241229777. https://doi.org/10.1177/16094069241229777
Greitzer, F.L., Kangas, L.J., Noonan, C.F., Dalton, A.C. and Hohimer, R.E. (2012) Identifying At-Risk Employees: Modeling Psychosocial Precursors of Potential Insider Threats. 2012 45th Hawaii International Conference on System Sciences, Maui, 4-7 January 2012, 2392-2401. https://doi.org/10.1109/hicss.2012.309
Sergiu, E. (2020) Insider Threats and Thermal Stress in the Working Environment. Scientific Bulletin of Naval Academy, 24, 271-276. https://doi.org/10.21279/1454-864x-20-i1-038
Moore, A.P., Perl, S.J., Cowley, J., Collins, M.L., Cassidy, T.M., VanHoudnos, N. and Rousseau, D.M. (2016) The Critical Role of Positive Incentives for Reducing Insider Threats. SEI Tech-nical Report CMU/SEI-2016-TR-014.
Dinev, T., Goo, J., Hu, Q. and Nam, K. (2009) User Behaviour Towards Protective Information Technologies: The Role of National Cultural Differences. Information Systems Journal, 19, 391-412. https://doi.org/10.1111/j.1365-2575.2007.00289.x
Collier, H., Morton, C., Alharthi, D. and Kleiner, J. (2023) Cul-tural Influences on Information Security. European Conference on Cyber Warfare and Security, 22, 143-150. https://doi.org/10.34190/eccws.22.1.1127
Waiganjo, I., Osakwe, J. and Azeta, A. (2024) Impediments to Cyberse-curity Policy Implementation in Organisations: Case Study of Windhoek, Namibia. International Journal of Research and Scientific Innovation, 11, 540-546. https://doi.org/10.51244/ijrsi.2024.1110046
McCormick, M. (2008) Data Theft: A Prototypical Insider Threat. In: Advances in Information Security, Springer, 53-68. https://doi.org/10.1007/978-0-387-77322-3_4
Warkentin, M. and Willison, R. (2009) Behavioral and Policy Issues in Information Systems Security: The Insider Threat. European Journal of Information Systems, 18, 101-105. https://doi.org/10.1057/ejis.2009.12
Shaw, T., Chen, C., Harris, A. and Huang, H. (2018) Examining the Anteced-ents of Insider Threats on Organizations: The Impact of Job Satisfaction, Stress, and Organizational Commitment. Infor-mation & Computer Security, 26, 1-16. https://doi.org/10.1108/ICS-03-2017-0013
Mourad, A., Soeanu, A., Laverdière, M. and Debbabi, M. (2009) New As-pect-Oriented Constructs for Security Hardening Concerns. Computers & Security, 28, 341-358. https://doi.org/10.1016/j.cose.2009.02.003
D’Arcy, J. and Greene, G. (2014) Security Culture and the Employment Relationship as Drivers of Employees’ Security Compliance. Information Management & Computer Security, 22, 474-489. https://doi.org/10.1108/imcs-08-2013-0057
Parsons, K., McCormac, A., Pattinson, M., Butavicius, M. and Jerram, C. (2014) A Study of Information Security Awareness in Australian Government Organizations. Information Management & Computer Security, 22, 334-345. https://doi.org/10.1108/imcs-10-2013-0078
Ngoqo, B. and Flowerday, S. (2015) Employee Perceptions of Insider Threats to Information Security: A Case Study. South African Journal of Information Management, 17, 1-9. https://doi.org/10.4102/sajim.v17i1.632
