An insider threat is generally defined as a current or former employee, contractor, or other business partner who has or had authorized access to an organization’s network, system, or data and intentionally misused that access to negatively affect the confidentiality, integrity, or availability of the organization’s information or information systems. Insider threats, to include sabotage, theft, espionage, fraud, and competitive advantage are often carried out through abusing access rights, theft of materials, and mishandling physical devices. Insiders do not always act alone and may not be aware they are aiding a threat actor (i.e. the unintentional insider threat). It is vital that organizations understand normal employee baseline behaviors and also ensure employees understand how they may be used as a conduit for others to obtain information. The following product is intended to act as a springboard for organizations to consider policies and practices used to detect and deter the insider threat.
- Insider Threat: Possible Indicators Video Podcast
- The Insider Threat: An Introduction to Detecting and Deterring an Insider Spy Reference Document
- CERT Insider Threat Publications Reference Document
- The Human Element: Insider Behavior Facilitates Cyber Attacks, Erodes Business Trust Digest Article
- How to Mitigate the Threat Cryptocurrency Mining Poses to Enterprise Security Digest Article