Just when many security professionals thought company \u201cinsider threats\u201d might be under control \u2013 along comes the Edward Snowden story as well as new technologies that don\u2019t fit traditional insider threat paradigms.\tOver the past several years, numerous groups, such as the FBI, CERT.org and securelist.com, have attempted to categorize and describe how to combat various insider threats that we face every day.\tRecent headlines have highlighted what I believe are two new threats that have traditionally received minimal attention. These new insider threats include a new employee profile to consider and a series of disruptive technologies. Specifically:\t\t\tThe conscientious objector\t\t\tWearable technology\tAfter Snowden: Should we add \u2018conscientious objector\u2019 as a new insider threat category?\tEven while the case of Edward Snowden continues to develop before our eyes and grab global headlines, most of us can agree that the NSA contractor thought of himself as a \u2018conscientious objector\u2019 of sorts. He revealed the NSA PRISM program because he didn\u2019t like where he thought it was leading American society. There is a huge debate about his true motives and intentions, but those topics are for a different article.\tSome people may include Bradley Manning, the Wikileaks informer, in this \u2018conscientious objector\u2019 category as well. However, that assertion is not as clear in my view. Time will tell how society ultimately views these two men.\tAs I have written in a Government Technology blog, I believe Snowden is no Bonhoeffer. He revealed classified documents to the press, and he needs to be brought back to the USA to face the consequences. I am attempting to bridge the gap between those who call Snowden a \u2018whistleblower\u2019 or even a hero in contrast with those who view him as a traditional spy who revealed US secrets or even call him a \u2018traitor.\u2019\tNevertheless, along with my mother-in-law and other Snowden supporters, I don\u2019t think he fits easily into any of the securelist.com insider threat profiles. If you believe his video comments, Snowden\u2019s actions were motivated by growing convictions against the government\u2019s PRISM program policy and\/or implementation of NSA\u2019s overall surveillance program.\tNote: The Securelist insider threat categories include: the careless insider, the na\u00efve insider, the saboteur, the disloyal insider, the moonlighter and the mole. \tRegardless of whether you are a supporter of Snowden\u2019s actions or you seriously question what he did, I hope you can agree with me that there are many ways that someone can be a conscientious objector in situations that go beyond military matters.\tFor example, this Forbes article discusses nurses who struggle with conscientious objections in offering healthcare treatment to certain patients or performing certain procedures.\tHow could a conscientious objector be an insider threat?\tFirst, I want to emphasize what I am NOT saying. I am not referring to traditional whistleblowers who go through formal company processes or hotlines to reveal fraud, waste or abuse. To be sure, these whistleblowers are to be commended and praised. Nor am I talking about staff going to the police when crimes are committed \u2013 assuming appropriate company policies and procedures are followed.\tSecond, I am talking about employees going outside the normal process to \u201creveal\u201d information that makes them uncomfortable \u2013 such as sharing data with groups or people that the company or government could reasonably argue were improperly given the information. This could include going straight to the press or posting material on social networking sites.\u00a0\u00a0\tI think more computer programmers or engineers, who disagree with their company\u2019s ethics, policies or procedures, will take unauthorized actions in the future. Or, employees will go public with management\u2019s enforcement (or lack thereof) regarding security or privacy policies, rather than work through company prescribed guidelines. For example, an employee from a computer company could be unhappy with the tracking of the online habits of customers and release damaging data to the press or to competitors.\u00a0\u00a0\tThird, this discussion walks a fine line between inappropriate management action(s) on the one side and employees becoming an insider threat because they disagree with a company policy or procedure on the other. Like Snowden, some employees will see themselves as a whistleblower while management will likely see them as violating policies and\/or procedures. I am not making a value judgment regarding the merits of who is right or wrong - only saying that this will be an issue that security pros will be pulled into going forward - just as we are involved in employees being terminated today.\u00a0\tFourth,\u00a0one question becomes what happens if\/when an employee decides to go public with information that harms the reputation of a company or government.\u00a0 Actions could affect stock price, harm customer relations, and inhibit capabilities or cause lawsuits.\u00a0\tTopic #2 - Is there a camera in those glasses? Or, will we need data loss prevention (DLP) for clothes?\tAnother hot topic in the press right now is wearable technology from glasses to watches to gloves. While this new technology is getting a mixed greeting from privacy advocates, most experts see wearable technology as inevitable. But are enterprises ready? Will wearable technology become\u00a0another aspect of\u00a0bring your own device (BYOD)\u00a0to work anytime soon?\tTrue, we have had smartphones with cameras for years. However, others can see when someone is taking pictures with a smartphone. New wearable technology could be recording conversations or copying intellectual property without being detected. Currently, the most talked about\u00a0privacy concern in this category\u00a0comes from\u00a0Google glass, but other companies are not far behind.\tCould security protocols be violated? Will we need new data loss prevention (DLP) for these wearable devices or clothes? Where is this heading? It appears that we will be seeing more and more wearable technology in 2014 and beyond, so get ready now.\tSolutions Anyone?\tIn conclusion, dealing with insider threats has been hard for years. No one is exempt from dealing with our changing technological landscape or our own role in helping secure the enterprise. I wrote this blog over three years ago which asks: Are you an insider threat?\tI don\u2019t have any simple answers for these new insider threat scenarios. Still, one key mitigation step is to adopt more transparency regarding company policies and the corresponding back-office behaviors of employees regarding security and privacy. New technology involving the use of \u201cbig data\u201d makes this topic especially important as we move into 2014.\tSecond, start a conversation with your employees. Work through issues the old fashioned way \u2013 do lunch (or coffee). Take advantage of the innovative ideas and even concerns of your team members.\tFinally, take another look at how you are addressing risk in both internal and external threats today. Training staff and constant vigilance are both necessary. (This insider threat information from Dartmouth can help.)\tAn attitude of \u201cthat can\u2019t happen to us\u201d will likely be problematic. Remember that we have seen new insider threats before \u2013 from social networks to smartphones to USB drives. One person\u2019s cool new Christmas present is often the security department\u2019s new insider threat. Seek balance \u2013 and try to enable appropriate controls.\tWhat are your thoughts on new insider threats?