Defining Insider Threats | CISA (2024)

Table of Contents
What is an Insider? What is an Insider Threat? What are the Types of Insider Threats? How Does an Insider Threat Occur? Resources

Insider threats present a complex and dynamic risk affecting the public and private domains of all critical infrastructure sectors. Defining these threats is a critical step in understanding and establishing an insider threat mitigation program. The Cybersecurity and Infrastructure Security Agency (CISA)defines insider threat as the threat that an insider will use their authorized access, intentionally or unintentionally, to do harm to the department’s mission, resources, personnel, facilities, information, equipment, networks, or systems. Insider threats manifest in various ways: violence, espionage, sabotage, theft, and cyber acts.

See Also
What are Insider Threats? Types, Prevention & Risks

What is an Insider?

An insider is any person who has or had authorized access to or knowledge of an organization’s resources, including personnel, facilities, information, equipment, networks, and systems.

Examples of an insider may include:

  • A person the organization trusts, including employees, organization members, and those to whom the organization has given sensitive information and access.
  • A person given a badge or access device identifying them as someone with regular or continuous access (e.g., an employee or member of an organization, a contractor, a vendor, a custodian, or a repair person).
  • A person to whom the organization has supplied a computer and/or network access.
  • A person who develops the organization’s products and services; this group includes those who know the secrets of the products that provide value to the organization.
  • A person who is knowledgeable about the organization’s fundamentals, including pricing, costs, and organizational strengths and weaknesses.
  • A person who is knowledgeable about the organization’s business strategy and goals, entrusted with future plans, or the means to sustain the organization and provide for the welfare of its people.
  • In the context of government functions, the insider can be a person with access to protected information, which, if compromised, could cause damage to national security and public safety.

What is an Insider Threat?

Insider threatis the potential for an insider to use their authorized access or understanding of an organization to harm that organization.

This harm can include malicious, complacent, or unintentional acts that negatively affect the integrity, confidentiality, and availability of the organization, its data, personnel, or facilities. External stakeholders and customers of the Cybersecurity and Infrastructure Security Agency (CISA) may find this generic definition better suited and adaptable for their organization’s use.

CISAdefines insider threat as the threat that an insider will use their authorized access, wittingly or unwittingly, to do harm to the department’s mission, resources, personnel, facilities, information, equipment, networks, or systems. This threat can manifest as damage to the department through the following insider behaviors:

  • Espionage
  • Terrorism
  • Unauthorized disclosure of information
  • Corruption, including participation in transnational organized crime
  • Sabotage
  • Workplace violence
  • Intentional or unintentional loss or degradation of departmental resources or capabilities

What are the Types of Insider Threats?

  • Unintentional Threat
    • NegligenceAn insider of this type exposes an organization to a threat through carelessness. Negligent insiders are generally familiar with security and/or IT policies but choose to ignore them, creating risk for the organization. Examples include allowing someone to “piggyback” through a secure entrance point, misplacing or losing a portable storage device containing sensitive information, and ignoring messages to install new updates and security patches.
    • Accidental– An insider of this type mistakenly causes an unintended risk to an organization. Examples include mistyping an email address and accidentally sending a sensitive business document to a competitor, unknowingly or inadvertently clicking on a hyperlink, opening an attachment in a phishing email that contains a virus, or improperly disposing of sensitive documents.
  • Intentional Threats- The intentional insider is often synonymously referenced as a “malicious insider.” Intentional threats are actions taken to harm an organization for personal benefit or to act on a personal grievance. For example, many insiders are motivated to “get even” due to a perceived lack of recognition (e.g., promotion, bonuses, desirable travel) or termination. Their actions can include leaking sensitive information, harassing associates, sabotaging equipment, perpetrating violence, or stealing proprietary data or intellectual property in the false hope of advancing their careers.
  • Other Threats
    • Collusive ThreatsA subset of malicious insider threats is referred to as collusive threats, where one or more insiders collaborate with an external threat actor to compromise an organization. These incidents frequently involve cybercriminals recruiting an insider or several insiders to enable fraud, intellectual property theft, espionage, or a combination of the three.
    • Third-Party Threats– Additionally, third-party threats are typically contractors or vendors who are not formal members of an organization, but who have been granted some level of access to facilities, systems, networks, or people to complete their work. These threats may be direct or indirect threats.

How Does an Insider Threat Occur?

Insider threats manifest in various ways: violence, espionage, sabotage, theft, and cyber acts. Expressions of insider threat are defined in detail below.

Expressions of Insider Threat

  • Violence– This action includes the threat of violence, as well as other threatening behaviors that create an intimidating, hostile, or abusive environment.
    • Workplace/organizational violenceis any action or threat of physical violence, harassment, sexual harassment, intimidation, bullying, offensive jokes, or other threatening behavior by a co-worker or associate that occurs in a person’s place of employment or while a person is working.
    • Terrorismas an insider threat is an unlawful use of or threat of violence by employees, members, or others closely associated with an organization, against that organization. Terrorism’s goal is to promote a political or social objective.
  • Espionage– Espionage is the covert or illicit practice of spying on a foreign government, organization, entity, or person to obtain confidential information for military, political, strategic, or financial advantage.
    • Economic Espionageis the covert practice of obtaining trade secrets from a foreign nation (e.g., all forms and types of financial, business, scientific, technical, economic, or engineering information and methods, techniques, processes, procedures, programs, or codes for manufacturing).
    • Government Espionageis covert intelligence-gathering activities by one government against another to obtain political or military advantage. It can also include government(s) spying on corporate entities such as aeronautics firms, consulting firms, think tanks, or munition companies. Government espionage is also referred to as intelligence gathering.
    • Criminal Espionageinvolves a U.S. citizen betraying U.S. government secrets to foreign nations.
  • Sabotage– Sabotage describes deliberate actions to harm an organization’s physical or virtual infrastructure, including noncompliance with maintenance or IT procedures, contaminating clean spaces, physically damaging facilities, or deleting code to prevent regular operations.
    • Physical Sabotageis taking deliberate actions aimed at harming an organization’s physical infrastructure (e.g., facilities or equipment).
    • Virtual Sabotageis taking malicious actions through technical means to disrupt or stop an organization’s normal business operations.
  • Theft– Theft is the act of stealing, whether money or intellectual property.
    • Financial Crimeis the unauthorized taking or illicit use of a person’s, business’, or organization’s money or property with the intent to benefit from it.
    • Intellectual Property Theftis the theft or robbery of an individual’s or organization’s ideas, inventions, or creative expressions, including trade secrets and proprietary products, even if the concepts or items being stolen originated from the thief.
  • Cyber- Cyber threat includes theft, espionage, violence, and sabotage of anything related to technology, virtual reality, computers, devices, or the internet.
    • Unintentional Threatsare the non-malicious (frequently accidental or inadvertent) exposure of an organization’s IT infrastructure, systems, and data that causes unintended harm to an organization. Examples include phishing emails, rogue software, and “malvertising” (embedding malicious content into legitimate online advertising).
    • Intentional Threatsare malicious actions performed by malicious insiders who use technical means to disrupt or halt an organization’s regular business operations, identify IT weaknesses, gain protected information, or otherwise further an attack plan via access to IT systems. This action can involve changing data or inserting malware or other pieces of offensive software to disrupt systems and networks.

Resources

  • CISA Insider Threat Mitigation Guide
  • Carnegie Mellon University Software Engineering Institute’s theCERT Definition of 'Insider Threat'provides an updated definition of insider threat, including the potential for physical acts of harm.
See Also
What Is an Insider Threat? Definition, Types, and Prevention | FortinetWhat Is an Insider Threat? Definition, Examples, and Mitigations | UpGuardInsider Threats And How To Identify Them | CrowdStrikeWhat Is an Insider Threat? Definition, Detection & Prevention | Proofpoint US
Defining Insider Threats | CISA (2024)
Top Articles
Rentenversicherung: Was taugen hybride Modelle?
Unveiling the Enigmatic Sleep Token with Leo Faulkner - Adeline Luce
Matgyn
Craigslist St. Paul
craigslist: kenosha-racine jobs, apartments, for sale, services, community, and events
What happens if I deposit a bounced check?
Katie Boyle Dancer Biography
Does Pappadeaux Pay Weekly
Blue Ridge Now Mugshots Hendersonville Nc
Nichole Monskey
What’s the Difference Between Cash Flow and Profit?
Mid90S Common Sense Media
Edible Arrangements Keller
Https //Advanceautoparts.4Myrebate.com
A Guide to Common New England Home Styles
Samantha Lyne Wikipedia
Marvon McCray Update: Did He Pass Away Or Is He Still Alive?
Aspen Mobile Login Help
TBM 910 | Turboprop Aircraft - DAHER TBM 960, TBM 910
Faurot Field Virtual Seating Chart
The best firm mattress 2024, approved by sleep experts
Mj Nails Derby Ct
Craigslist Rome Ny
Feathers
Obituaries, 2001 | El Paso County, TXGenWeb
Mobile crane from the Netherlands, used mobile crane for sale from the Netherlands
Google Flights To Orlando
Moonrise Time Tonight Near Me
Grandstand 13 Fenway
Half Inning In Which The Home Team Bats Crossword
Plato's Closet Mansfield Ohio
Colorado Parks And Wildlife Reissue List
Devotion Showtimes Near Mjr Universal Grand Cinema 16
Obsidian Guard's Skullsplitter
Imperialism Flocabulary Quiz Answers
Troy Gamefarm Prices
How to play Yahoo Fantasy Football | Yahoo Help - SLN24152
Lovein Funeral Obits
Verizon Outage Cuyahoga Falls Ohio
Gregory (Five Nights at Freddy's)
Fedex Passport Locations Near Me
Citizens Bank Park - Clio
Television Archive News Search Service
Walmart 24 Hrs Pharmacy
Southwest Airlines Departures Atlanta
Oklahoma City Farm & Garden Craigslist
Goats For Sale On Craigslist
Tlc Africa Deaths 2021
Greg Steube Height
French Linen krijtverf van Annie Sloan
Raley Scrubs - Midtown
Latest Posts
Hamilton’s salaris bij Ferrari: Wat gaat hij verdienen?
Sahnige Apfel-Schmand-Torte nach Landfrauen-Rezept
Article information

Author: Chrissy Homenick

Last Updated:

Views: 5984

Rating: 4.3 / 5 (74 voted)

Reviews: 81% of readers found this page helpful

Author information

Name: Chrissy Homenick

Birthday: 2001-10-22

Address: 611 Kuhn Oval, Feltonbury, NY 02783-3818

Phone: +96619177651654

Job: Mining Representative

Hobby: amateur radio, Sculling, Knife making, Gardening, Watching movies, Gunsmithing, Video gaming

Introduction: My name is Chrissy Homenick, I am a tender, funny, determined, tender, glorious, fancy, enthusiastic person who loves writing and wants to share my knowledge and understanding with you.