Date: 2017-07-04

Wikipedia describes an insider threat as “a malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization’s security practices, data and computer systems. The threat may involve fraud, the theft of confidential or commercially valuable information, the theft of intellectual property, or the sabotage of computer systems.”

CERT redefined “insider threat” in March 2017 to cover both malicious and non-malicious (unintentional) insider threats, to include both cyber and physical impacts, and to apply to both government and industry. CERT’s main goal was to make the term “insider threat” clear, concise, consistent with existing definitions of “threat,” and broad enough to cover all insider threats.

CERT achieved their goal with this succinct definition:

“Insider threat — the potential for an individual who has or had authorized access to an organization’s assets to use their access, either maliciously or unintentionally, to act in a way that could negatively affect the organization.”

For the purpose of this blog post, let’s flow with CERT’s definition.

The good

Earlier this year the Institute for Critical Infrastructure Technology (ICIT) published a gripping report on insider threats. This fascinating report is filled with “think tank” objectives, detailed, comprehensive insider threat categories, and other innovative ideas that I had not considered prior to reading this report—like company culture and the human factor as capable of maintaining both the strongest and weakest link in every organization’s cybersecurity.