DEFINING INSIDER THREATS

Insider threats present a complex and dynamic risk affecting the public and private domains of all critical infrastructure sectors. This section provides an overview to help frame the discussion about insiders and the threats they pose. Defining these is a critical step in understanding and establishing an insider threat mitigation program.


I.   What Is an Insider?

  • An insider is anyone who has or has had authorized access to or knowledge of an organization’s resources, including personnel, facilities, information, equipment, networks, and systems.
  • Someone the organization trusts, including employees, members of the organization, and those to whom the organization has provided sensitive information and access.
  • A person who has been issued a badge or access device identifying them as someone with regular and continuous access (for example, an employee or member of an organization, a contractor, a supplier, a guard, or a repairer).
  • A person to whom the organization has provided a computer and/or network access.
  • A person who develops the organization’s products and services; this group includes those who know the secrets of the products that bring value to the organization.
  • Someone who knows the fundamentals of the organization, including pricing, costs, and the organization’s strengths and weaknesses.
  • A person who knows the business strategy and goals of the organization, who is entrusted with future plans or the means to support the organization and ensure the well-being of its employees.
  • In the context of government functions, the insider can be someone with access to protected information which, if compromised, could harm national security and public safety.

II.   What Is Insider Threat?

Insider threat is the potential for an insider to use their authorized access or understanding of an organization to harm that organization. This harm can include malicious, complacent, or unintentional acts that negatively affect the integrity, confidentiality, and availability of the organization, its data, staff, or facilities. External stakeholders and DHS clients may find this generic definition better suited and more adaptable to their organization’s use.

The Cybersecurity and Infrastructure Security Agency (CISA) defines insider threat as the threat that an insider will use their authorized access, intentionally or not, to harm the Department’s mission, resources, personnel, facilities, information, equipment, networks, or systems. This threat can manifest as damage to the Department through the following insider behaviors:

  • Espionage
  • Terrorism
  • Unauthorized disclosure of information
  • Corruption, including participation in transnational organized crime
  • Sabotage
  • Workplace violence
  • Intentional or unintentional loss or degradation of departmental resources or capabilities

III.   What Are the Types of Insider Threats?

Unintentional threat

Negligence –

An insider of this type exposes an organization to a threat through carelessness. Negligent insiders are generally familiar with security and/or IT policies but choose to ignore them, creating a risk to the organization. Examples include allowing someone to “piggyback” through a secure entry point, misplacing or losing a portable storage device containing sensitive information, and ignoring messages to install new security updates and patches.

Accidental –

An insider of this type mistakenly causes an unforeseen risk to an organization. Organizations can work to minimize accidents, but accidents cannot be avoided entirely; those that do occur can, however, be mitigated. Examples include mistyping an email address and accidentally sending a sensitive business document to a competitor, unknowingly or inadvertently clicking on a hyperlink or opening an attachment containing a virus in a phishing email, or improperly disposing of sensitive documents.

Intentional threats –

Intentional threats are actions taken to harm an organization for personal gain or in response to a personal grievance. The intentional insider is often synonymous with the “malicious insider”, whose motivation is personal gain or damage to the organization. For example, many insiders are motivated to “get even” because of unmet expectations related to a lack of recognition (e.g., promotion, bonuses, desirable travel) or even dismissal. Their actions include leaking sensitive information, harassing associates, sabotaging equipment, or committing violence. Others have stolen proprietary data or intellectual property in the misguided hope of advancing their careers.

Other threats

Collusive threats – A subset of malicious insider threats are collusive threats, where one or more insiders collaborate with an external threat actor to compromise an organization. These incidents frequently involve cybercriminals recruiting one or more insiders to enable fraud, intellectual property theft, espionage, or a combination of the three.

Third-Party Threats – Third-party threats are typically contractors or vendors who are not formal members of an organization but who have been granted some level of access to facilities, systems, networks, or people in order to do their job. These threats can be direct or indirect.

IV.   How Does an Insider Threat Occur?

Violence –

This action includes the threat of violence, as well as other threatening behavior that creates an intimidating, hostile or abusive environment.

Workplace/organizational violence is any action or threat of physical violence, harassment, sexual harassment, intimidation, offensive jokes, or other threatening behavior by a colleague or associate that occurs at a person’s workplace or while a person is working. Terrorism as an insider threat is the unlawful use or threat of violence by employees, members, or other persons closely associated with an organization, against that organization. Terrorism aims to promote a political or social objective.

Espionage – Espionage is the covert or unlawful practice of spying on a foreign government, organization, entity, or person to obtain confidential information for military, political, strategic, or financial purposes.

Economic espionage is the covert practice of obtaining trade secrets from foreign entities, for example all forms of financial, business, scientific, technical, economic, or engineering information, and the methods, techniques, processes, procedures, programs, or code used in production. Government espionage is the act of one government gathering intelligence against another government for political or military gain. It can also include governments spying on legal entities such as aviation companies, consulting firms, think tanks, or munitions companies. Government espionage is also known as intelligence gathering.

Criminal espionage involves a US citizen who betrays US government secrets to foreign nations.

Sabotage –

Sabotage describes deliberate actions aimed at damaging an organization’s physical or virtual infrastructure, including failure to follow maintenance or IT procedures, contamination of clean spaces, physically damaging facilities, or removal of code to prevent regular operations. Physical sabotage is taking deliberate action to harm an organization’s physical infrastructure (for example, facilities or equipment). Virtual sabotage is taking malicious action through technical means to disrupt or shut down an organization’s normal business operations.

Theft –

Theft is the act of stealing, whether of money or of intellectual property. Financial crime is the unauthorized taking or illicit use of the money or property of a person, business, or for-profit organization. Theft of intellectual property is the theft of an individual’s or an organization’s ideas, inventions, and creative expressions, including trade secrets and proprietary products, and even the underlying concepts and objects themselves.

Cyber –

Cyber threats include theft, espionage, violence, and sabotage targeting anything related to technology, virtual reality, computers, devices, or the internet.

Unintentional threats are the non-malicious (often accidental or inadvertent) exposure of an organization’s IT infrastructure, systems, and data that causes unintended harm to the organization. Examples include phishing emails, malware, and “malvertising” (embedding malicious content in legitimate online advertising). Intentional threats are malicious acts committed by hostile insiders who use technical means to disrupt or halt an organization’s regular business operations, identify IT vulnerabilities, obtain protected information, or otherwise gain access to or plan attacks against computer systems. These actions may involve modifying data or inserting malware or other offensive software to disrupt systems and networks.