An insider threat is generally defined as a current or former employee, contractor, or other business partner who has or had authorized access to an organization’s network, system, or data and intentionally misused that access to negatively affect the confidentiality, integrity, or availability of the organization’s information or information systems. Insider threats, including sabotage, theft, espionage, fraud, and competitive advantage, are often carried out by abusing access rights, stealing materials, and mishandling physical devices. Insiders do not always act alone and may not be aware that they are aiding a threat actor (i.e., the unintentional insider threat). It is vital that organizations understand normal employee baseline behaviors and also ensure that employees understand how they may be used as a conduit for others to obtain information. The following product is intended to act as a springboard for organizations to consider policies and practices used to detect and deter the insider threat.
- Introduction: Insider Threat and the Malicious Insider Threat – Analyze. Deter. Discover. Prevent. Respond (Journal Article)
- Extensions to Carnegie-Mellon University’s Malicious Insider Ontology to Model Human Error (Journal Article)
- The Human Element: Insider Behavior Facilitates Cyber Attacks, Erodes Business Trust (Digest Article)
- Offensive Intrusion Analysis: Uncovering Insiders with Threat Hunting and Active Defense (Journal Article)
- How to Mitigate the Threat Cryptocurrency Mining Poses to Enterprise Security (Digest Article)