Insider Threat | Intel 471 Skip to content

Insider Threat

The potential for an insider to use their authorized access or understanding of an organization to harm that organization. This harm can include malicious, complacent, or unintentional acts that negatively affect the integrity, confidentiality, and availability of the organization, its data, personnel, or facilities.
Homepage slide 1
15 Insider threat

An insider threat is the potential for an insider to use their authorized access or understanding of an organization to harm that organization. This harm can include malicious, complacent, or unintentional acts that negatively affect the integrity, confidentiality, and availability of the organization, its data, personnel, or facilities.

An insider threat is a security concern that can originate within a target organization. It does not mean the actor must be an existing employee or officer in their firm. They could be consultants, employees, former business partners, auditors, or boards.

The most common way to carry out insider threat activities is through social engineering.

The goal is to manipulate people into giving away sensitive information. For example, they might ask for help with a technical issue, or offer to do work for free. They could also try to gain access to systems by using stolen credentials or malware. A malicious insider can steal money from your company, damage your reputation, or even cause physical harm. As a result, it’s important to understand how these attacks are carried out and what you need to protect against them.

What are the Three Types of Insider Threats?

  • The Current Employee – Most employees can be trusted and loyal; however, there are dishonest or malicious insiders. This occurs especially when an employee has an ax to grind and is seeking revenge against the company. Some examples:
    • Employees who have been demoted or disciplined by the company: These circumstances can give an insider plenty of reasons to retaliate.

    • Non-Voluntary Departures: Employees that have been terminated or fear a company reorganization may take sensitive data with them to their next position.

    • A negligent insider or careless employee who simply reveals or discloses information to others without any ill intent.

    • These are some reasons why every company needs a handbook on proper online security policy measures to eliminate this type of security risk.

  • The Contractor: They often have access to confidential information about the organization’s operations.

  • The Insider Once Removed: An insider threat is someone who works/worked for your organization and is connected to it in some way. They could be a disgruntled employee, a former contractor, or even a member of your family. In all of these cases, the “insider” may choose to use privileged access to resources against the organization.

Even an employee who leaves voluntarily may be considered a “security threat.” The most common scenario is when an employee leaves for a competing company. Most users simply take a broad range of data they need without thinking about who owns the data or the potentially harmful unintended effects.

What are Some of the Risks associated with Insider Threats?

The risk to organizations from insiders may include:

  • Loss of sensitive information and intellectual property;

  • Damage to reputation through loss of customer trust resulting from public disclosure of private information;

  • Financial losses due to theft of funds or fraud;

  • Legal liabilities for negligence or intentional misconduct; including potential liability under federal laws governing computer crimes; and possible legal action brought by individuals whose privacy rights were violated;

  • Increased costs related to investigations and remediation.

Every company needs to be concerned about insider risks. According to the 2017 Verizon Data Breach Investigations Report, more than half of all reported incidents were caused by internal sources, resulting in losses over US $1 billion.