An insider threat is a type of threat that comes from within the organization, such as from an employee. These types of threats can also be posed by those with former associations with the organization. Prior and current employees, contractors, business associates, and others with information about the business or its security practices can become an insider threat. The same is true of anyone granted access at any time to the data on the networks and systems of the organization.
Insider threats pose a unique set of challenges. Workers need information in order to do their jobs, but systems data needs to be protected in order to minimize risk. Every organization has to find a way to strike a balance between these conflicting needs.
Resources
- Top 10 Considerations for Building an Insider Threat Mitigation Program, from Deloitte Consulting, lays out a ten-step plan in two pages.
Check Your Knowledge
Question 1
True or false: An insider threat can only come from a current employee.
- True: Incorrect. Previous employees, contractors, and others can be insider threats.
- False: Correct.
Question 2
Which of the following is not an insider threat?
- current staff: Incorrect. This is an insider threat.
- former staff: Incorrect. This is an insider threat.
- hackers in the same physical location: Correct. This is not an insider threat, as the person has no affiliation with the organization.
- on-site contractors: Incorrect. This is an insider threat.