An insider threat is the actions of an insider (employee, vendor, counterparty) aimed at using their authorized access to a company's information or confidential documents
in order to harm the organization. According to the Ponemon Institute,
there are 3 types of insider leaks:
- Careless or negligent employee or contractor (56%)
- Criminal insider, including employee or contractor malice (26%)
- Employee/user credential theft (a.k.a. imposter risk) (18%)
All these actions, whether or not they are performed under the influence of some unscrupulous motive, nevertheless negatively affect the integrity, confidentiality and security of the organization, its data, personnel and/or facilities. In addition, such leaks can lead to both financial and reputational consequences.
In general, an insider threat, as defined by the Cybersecurity and Infrastructure Security Agency (CISA)
, is the threat that an insider will intentionally or unwittingly use their authorized access to harm the company's mission, resources, personnel, facilities, information, equipment, networks, or systems.