The summer of 2025 was rough for air travel: severe weather, construction delays, and staffing shortages at the FAA made headlines and frustrated passengers. But now, as we move into fall, a familiar storm is brewing: insider threats in aviation. It may be one that’s harder to see but potentially far more dangerous.
With the October U.S. government shutdown, thousands of federal workers, including TSA agents, were furloughed. Some called in sick. Others have been left uncertain and vulnerable. And that’s where real risk can grow.
Disruption breeds risk
When employees feel undervalued, abandoned, or financially strained, the risk of insider threats skyrockets. Aviation is already a high-stakes industry, and now, with morale shaken and trust eroded, the potential for insiders to act out, intentionally or not, is greater than ever.
Whether it’s a TSA agent bypassing protocol, an airport contractor selling access, or a disgruntled employee clicking on a phishing link, the consequences can be catastrophic. And unfortunately, cybercriminals know this.
Scattered Spider and the rise of unintentional insiders
One evolving grouping of threat actors in particular, Scattered Spider or the Scattered Lapsus$ Hunters, has been exploiting this moment. Known for targeting industries like telecom and insurance, they’ve now set their sights on the airlines. What makes them especially dangerous is their ability to blur the line between external and internal threats. In addition to recruiting insiders, they also impersonate them.
Through social engineering and phishing, they trick real employees into resetting passwords or granting access. According to CISA, these attackers become “functional insiders,” weaponizing trust and identity to infiltrate systems.
Just this week, the Qantas breach offered another example, one that highlights critical lessons for the industry:
- Vendors with privileged access can become unintentional insiders.
- Airlines must treat vendor platforms as extensions of their own infrastructure.
- Attackers don’t always need to plant insiders—they can create them through impersonation.
- Help desks and contact centers are prime targets for attacks.
Why aviation is a prime target
Airlines hold a treasure trove of sensitive data like passport numbers, birthdates, and travel histories. Their networks are sprawling and complex, often built on outdated infrastructure. And the stakes? Sky-high. A single breach could disrupt flights, compromise safety, or even interfere with pilot communications.
The aviation cybersecurity market is expected to nearly double over the next decade, from $7 billion in 2024 to $13 billion by 2034. That incredible growth is a reflection of the escalating threat landscape.
Insider risk isn’t just digital
Cyber threats are only part of the story. Insider risk in aviation also includes physical security lapses. There have been cases of employees with terrorism ties gaining airport clearance, incidents of human trafficking, and even staff soliciting bribes from passengers.
A recent vulnerability in TSA software allowed users to add any name to crew verification systems, potentially letting bad actors walk straight into cockpits. This is a serious wake-up call in an industry that the whole world depends on.
What can be done about risk in aviation?
The airline industry cannot afford to wait for another breach or scandal. A critical first step is to assess the insider threat environment and take immediate and proactive steps to reduce risk.
DTEX can help with proactive insider risk management by identifying:
- Workflow alignment over flashy demos.
- Minimal disruption over maximal ambition.
- Clear data boundaries over vague promises.
- Continuous improvement over one-time deployments.
And if you aren’t ready for a full insider risk program, you can still look at getting ahead of threats:
- Monitor behavior: Use tools that flag unusual access patterns — like someone outside their role snooping in passenger records.
- Enforce offboarding protocols: Ensure departing employees don’t walk away with sensitive data.
- Extend security measures to third-party vendors: Third-party contractors must meet the same security standards as internal staff.
- Review Zero Trust architecture: Limit users’ access to only what’s absolutely necessary.
- Conduct continuous vetting: Background checks shouldn’t stop at hiring.
- Provide targeted training: Focus security awareness on aviation-specific threats.
Final Approach
Airlines already battle weather delays, mechanical issues, and logistical nightmares. Insider threats shouldn’t be another turbulence they have to navigate. With the current climate of uncertainty and frustration, especially post-shutdown, the risk is real and rising. It’s time for aviation leaders to treat insider risk not as a possibility, but as a priority. Let DTEX help.