An insider attack is a cyber security risk that originates within a company. It usually happens when a current or former employee, contractor, vendor, or partner with legitimate user credentials abuses their access to the organization’s networks, systems, and data. An insider steals information from an organization for personal financial or other gains, or to intentionally harm the organization. Insider threats are classified based on the intent and motivation of the individuals involved.
Negligent:
These insiders may be unresponsive to security awareness and training exercises, or they may commit isolated errors due to poor judgment. In either case, the most expensive type of employee risk is often cited as negligence.
Collusive:
These cases frequently involve fraud, intellectual property theft, or a combination of the two, making them extremely expensive. This type of collusion may also be more difficult to detect because malicious external threat actors are typically well-versed in security technology and detection strategies.
Malicious:
Malicious insiders seeking a second source of income will typically exfiltrate data slowly to personal accounts in order to avoid detection.
Third-Party:
These insiders may have employees who fall into one of the categories listed above, or they may simply have flaws in their own systems and devices that allow attackers to exploit them.
|DataNudge 