
Insider threat management is the process of preventing, combating, detecting, and monitoring employees, remote vendors and contractors, to fortify an organization's data from insider threats such as theft, fraud and damage.[1]


Background

An insider is an individual who is employed by an agency and has access to facilities, sensitive information, organizational data, information systems, and other equipment.[2] They may have accounts giving them legitimate access to computer systems, with this access originally having been given to them to serve in the performance of their duties; these permissions could be abused to harm the organization. Insiders are often familiar with the organization's data and intellectual property as well as the methods that are in place to protect them. This makes it easier for the insider to circumvent any security controls of which they are aware. Physical proximity to data means that the insider does not need to hack into the organizational network through the outer perimeter by traversing firewalls; rather they are in the building already, often with direct access to the organization's internal network. Insider threats are harder to defend against than attacks from outsiders since the insider already has legitimate access to the organization's information and assets.[3]

Insiders may comprise permanent and temporary employees, vendors, contractors, suppliers, or ex-employees.[4] The most common insiders are those with elevated access, who can use sensitive information without drawing suspicion. However, anyone can be an insider threat to an organization if they do not dispose of, secure, or use sensitive information as described in the agency's regulations. There have been cases where individuals are compromised by an opposing agency, which exploits the individual's financial status, threats on their life, or other factors in order to force the individual to comply with the opposing agency's demands.

Criminal activity

An insider may attempt to steal property or information for personal gain, or to benefit another organization or country.[3] These attacks may range from the theft of information to the destruction of business property. Insiders may carry out the following threats against their organization:

  • Espionage, criminal enterprise, fraud, theft and unauthorized disclosure of information (classified information, sensitive information, intellectual property, trade secrets, personally identifiable information (PII))
  • Information technology sabotage
  • Any action that results in the loss or degradation of organization


Insiders have similar characteristics that can be compiled in order to help determine possible threats. Most researchers have identified that insiders mainly show antisocial behavior that may include, but is not limited to, Machiavellianism, narcissism, and psychopathy.[4]

On the information system side, the following are common behavioral indicators of known insiders:[5]

  • Downloading substantial amounts of data to external drives
  • Accessing confidential data that is not relevant to a user's role
  • Emailing sensitive information to a personal account
  • Attempts to bypass security controls
  • Requests for clearance or higher-level access without need
  • Frequently accessing the workspace outside of normal working hours
  • Irresponsible social media behaviors
  • Maintaining access to sensitive data after termination
  • Using unauthorized external storage devices
  • Visible disgruntlement toward employers or co-workers
  • Chronic violation of organization policies
  • Decline in work performance
  • Use of mobile devices to phot
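
Several of the information-system indicators listed above can be checked against audit logs. The following Python sketch is an added example, not part of the original article or its sources; the event fields, thresholds, mail domain and sample events are constructed assumptions. It queues a user for review only when two or more distinct indicators appear, since a single one (such as late working hours) is weak evidence on its own.

```python
from datetime import datetime

# Constructed audit events, not real data. Assumed fields:
# (timestamp, user, role, action, data label, bytes, destination)
EVENTS = [
    ("2024-03-04T10:15:00", "alice", "finance", "file_read", "finance", 20_000, ""),
    ("2024-03-04T21:30:00", "alice", "finance", "file_read", "finance", 20_000, ""),
    ("2024-03-04T22:05:00", "bob", "engineering", "file_read", "hr", 80_000, ""),
    ("2024-03-04T22:10:00", "bob", "engineering", "usb_write", "hr", 300_000_000, "E:"),
    ("2024-03-04T22:20:00", "bob", "engineering", "usb_write", "hr", 300_000_000, "E:"),
    ("2024-03-05T11:00:00", "carol", "sales", "file_read", "sales", 5_000, ""),
    ("2024-03-05T11:05:00", "carol", "sales", "email_send", "sales", 5_000, "carol@mail.example.net"),
]
TERMINATED = {"carol": datetime(2024, 3, 1)}  # constructed HR feed: user -> end date
CORP_DOMAIN = "example.com"                   # placeholder corporate mail domain
USB_BYTES_LIMIT = 500_000_000                 # assumed per-user threshold
WORK_HOURS = range(7, 20)                     # assumed 07:00-19:59 local time

def indicators(event):
    """Return the indicators from the list above that one event matches."""
    ts, user, role, action, label, _size, dest = event
    when = datetime.fromisoformat(ts)
    hits = set()
    if user in TERMINATED and when >= TERMINATED[user]:
        hits.add("access_after_termination")
    if when.hour not in WORK_HOURS:
        hits.add("after_hours_access")
    if action == "file_read" and label not in ("public", role):
        hits.add("data_outside_role")
    external = not dest.lower().endswith("@" + CORP_DOMAIN)
    if action == "email_send" and label != "public" and external:
        hits.add("sensitive_mail_to_external_account")
    return hits

def review_queue(events):
    """Users with two or more distinct indicators; one alone is weak evidence."""
    found, usb_total = {}, {}
    for event in events:
        user, action, size = event[1], event[3], event[5]
        found.setdefault(user, set()).update(indicators(event))
        if action == "usb_write":  # volume is cumulative, so track it per user
            usb_total[user] = usb_total.get(user, 0) + size
            if usb_total[user] > USB_BYTES_LIMIT:
                found[user].add("bulk_copy_to_external_drive")
    return {u: sorted(f) for u, f in found.items() if len(f) >= 2}

if __name__ == "__main__":
    for user, hits in review_queue(EVENTS).items():
        print(user, hits)
```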


The impacts of insider threat incidents can be very severe, costly and damaging. Not all incidents by insiders are malicious; non-malicious insider incidents can be just as damaging as malicious incidents.

Listed on the link below are numerous insider threat incidents that have had severe impacts on organizations.[6]

Cyber security

Terrorism

  • Orlando nightclub shooting killed 50 people, Omar Mateen, 13 June 2016[10]
  • DC Metro Transit cop trying to assist


1. https://www.us-cert.gov/sites/default/files/publications/Combating%20the%20Insider%20Threat_0.pdf
2. "Insider Threats Incidents, Data Breaches, News, Examples - Could They Happen To Your Organization" (PDF). www.NationalInsiderThreatSig.org. Retrieved 9 December 2017.