Defining Insider Threats | CISA (2024)

Table of Contents
What is an Insider? What is an Insider Threat? What are the Types of Insider Threats? How Does an Insider Threat Occur? Resources References

Insider threats present a complex and dynamic risk affecting the public and private domains of all critical infrastructure sectors. Defining these threats is a critical step in understanding and establishing an insider threat mitigation program. The Cybersecurity and Infrastructure Security Agency (CISA)defines insider threat as the threat that an insider will use their authorized access, intentionally or unintentionally, to do harm to the department’s mission, resources, personnel, facilities, information, equipment, networks, or systems. Insider threats manifest in various ways: violence, espionage, sabotage, theft, and cyber acts.

See Also
What Is an Insider Threat | Malicious Insider Attack Examples | Imperva

What is an Insider?

An insider is any person who has or had authorized access to or knowledge of an organization’s resources, including personnel, facilities, information, equipment, networks, and systems.

Examples of an insider may include:

  • A person the organization trusts, including employees, organization members, and those to whom the organization has given sensitive information and access.
  • A person given a badge or access device identifying them as someone with regular or continuous access (e.g., an employee or member of an organization, a contractor, a vendor, a custodian, or a repair person).
  • A person to whom the organization has supplied a computer and/or network access.
  • A person who develops the organization’s products and services; this group includes those who know the secrets of the products that provide value to the organization.
  • A person who is knowledgeable about the organization’s fundamentals, including pricing, costs, and organizational strengths and weaknesses.
  • A person who is knowledgeable about the organization’s business strategy and goals, entrusted with future plans, or the means to sustain the organization and provide for the welfare of its people.
  • In the context of government functions, the insider can be a person with access to protected information, which, if compromised, could cause damage to national security and public safety.

What is an Insider Threat?

Insider threatis the potential for an insider to use their authorized access or understanding of an organization to harm that organization.

This harm can include malicious, complacent, or unintentional acts that negatively affect the integrity, confidentiality, and availability of the organization, its data, personnel, or facilities. External stakeholders and customers of the Cybersecurity and Infrastructure Security Agency (CISA) may find this generic definition better suited and adaptable for their organization’s use.

CISAdefines insider threat as the threat that an insider will use their authorized access, wittingly or unwittingly, to do harm to the department’s mission, resources, personnel, facilities, information, equipment, networks, or systems. This threat can manifest as damage to the department through the following insider behaviors:

  • Espionage
  • Terrorism
  • Unauthorized disclosure of information
  • Corruption, including participation in transnational organized crime
  • Sabotage
  • Workplace violence
  • Intentional or unintentional loss or degradation of departmental resources or capabilities

What are the Types of Insider Threats?

  • Unintentional Threat
    • NegligenceAn insider of this type exposes an organization to a threat through carelessness. Negligent insiders are generally familiar with security and/or IT policies but choose to ignore them, creating risk for the organization. Examples include allowing someone to “piggyback” through a secure entrance point, misplacing or losing a portable storage device containing sensitive information, and ignoring messages to install new updates and security patches.
    • Accidental– An insider of this type mistakenly causes an unintended risk to an organization. Examples include mistyping an email address and accidentally sending a sensitive business document to a competitor, unknowingly or inadvertently clicking on a hyperlink, opening an attachment in a phishing email that contains a virus, or improperly disposing of sensitive documents.
  • Intentional Threats- The intentional insider is often synonymously referenced as a “malicious insider.” Intentional threats are actions taken to harm an organization for personal benefit or to act on a personal grievance. For example, many insiders are motivated to “get even” due to a perceived lack of recognition (e.g., promotion, bonuses, desirable travel) or termination. Their actions can include leaking sensitive information, harassing associates, sabotaging equipment, perpetrating violence, or stealing proprietary data or intellectual property in the false hope of advancing their careers.
  • Other Threats
    • Collusive ThreatsA subset of malicious insider threats is referred to as collusive threats, where one or more insiders collaborate with an external threat actor to compromise an organization. These incidents frequently involve cybercriminals recruiting an insider or several insiders to enable fraud, intellectual property theft, espionage, or a combination of the three.
    • Third-Party Threats– Additionally, third-party threats are typically contractors or vendors who are not formal members of an organization, but who have been granted some level of access to facilities, systems, networks, or people to complete their work. These threats may be direct or indirect threats.

How Does an Insider Threat Occur?

Insider threats manifest in various ways: violence, espionage, sabotage, theft, and cyber acts. Expressions of insider threat are defined in detail below.

Expressions of Insider Threat

  • Violence– This action includes the threat of violence, as well as other threatening behaviors that create an intimidating, hostile, or abusive environment.
    • Workplace/organizational violenceis any action or threat of physical violence, harassment, sexual harassment, intimidation, bullying, offensive jokes, or other threatening behavior by a co-worker or associate that occurs in a person’s place of employment or while a person is working.
    • Terrorismas an insider threat is an unlawful use of or threat of violence by employees, members, or others closely associated with an organization, against that organization. Terrorism’s goal is to promote a political or social objective.
  • Espionage– Espionage is the covert or illicit practice of spying on a foreign government, organization, entity, or person to obtain confidential information for military, political, strategic, or financial advantage.
    • Economic Espionageis the covert practice of obtaining trade secrets from a foreign nation (e.g., all forms and types of financial, business, scientific, technical, economic, or engineering information and methods, techniques, processes, procedures, programs, or codes for manufacturing).
    • Government Espionageis covert intelligence-gathering activities by one government against another to obtain political or military advantage. It can also include government(s) spying on corporate entities such as aeronautics firms, consulting firms, think tanks, or munition companies. Government espionage is also referred to as intelligence gathering.
    • Criminal Espionageinvolves a U.S. citizen betraying U.S. government secrets to foreign nations.
  • Sabotage– Sabotage describes deliberate actions to harm an organization’s physical or virtual infrastructure, including noncompliance with maintenance or IT procedures, contaminating clean spaces, physically damaging facilities, or deleting code to prevent regular operations.
    • Physical Sabotageis taking deliberate actions aimed at harming an organization’s physical infrastructure (e.g., facilities or equipment).
    • Virtual Sabotageis taking malicious actions through technical means to disrupt or stop an organization’s normal business operations.
  • Theft– Theft is the act of stealing, whether money or intellectual property.
    • Financial Crimeis the unauthorized taking or illicit use of a person’s, business’, or organization’s money or property with the intent to benefit from it.
    • Intellectual Property Theftis the theft or robbery of an individual’s or organization’s ideas, inventions, or creative expressions, including trade secrets and proprietary products, even if the concepts or items being stolen originated from the thief.
  • Cyber- Cyber threat includes theft, espionage, violence, and sabotage of anything related to technology, virtual reality, computers, devices, or the internet.
    • Unintentional Threatsare the non-malicious (frequently accidental or inadvertent) exposure of an organization’s IT infrastructure, systems, and data that causes unintended harm to an organization. Examples include phishing emails, rogue software, and “malvertising” (embedding malicious content into legitimate online advertising).
    • Intentional Threatsare malicious actions performed by malicious insiders who use technical means to disrupt or halt an organization’s regular business operations, identify IT weaknesses, gain protected information, or otherwise further an attack plan via access to IT systems. This action can involve changing data or inserting malware or other pieces of offensive software to disrupt systems and networks.

Resources

  • CISA Insider Threat Mitigation Guide
  • Carnegie Mellon University Software Engineering Institute’s theCERT Definition of 'Insider Threat'provides an updated definition of insider threat, including the potential for physical acts of harm.
See Also
What Is an Insider Threat? Definition, Types, and Prevention | FortinetWhat Is Insider Threat? Unraveling Insider Risks | Microsoft SecurityInsider Threats And How To Identify Them | CrowdStrikeWas sind Insider-Bedrohungen? - CrowdStrike
Defining Insider Threats | CISA (2024)

References

Top Articles
A Companion to Ancient Philosophy (Blackwell Companions to Philosophy) - PDF Free Download
How Do You Get the Ancient Forest Raider Ride? A Guide to Unlocking this Exhilarating Mount
Cranes For Sale in United States| IronPlanet
Skycurve Replacement Mat
Week 2 Defense (DEF) Streamers, Starters & Rankings: 2024 Fantasy Tiers, Rankings
Craigslist Pet Phoenix
Notary Ups Hours
Lycoming County Docket Sheets
5808 W 110Th St Overland Park Ks 66211 Directions
Colts seventh rotation of thin secondary raises concerns on roster evaluation
Craigslist Motorcycles Orange County Ca
Craiglist Kpr
Spectrum Field Tech Salary
Jinx Chapter 24: Release Date, Spoilers & Where To Read - OtakuKart
Aps Day Spa Evesham
Knock At The Cabin Showtimes Near Alamo Drafthouse Raleigh
Watch Your Lie in April English Sub/Dub online Free on HiAnime.to
Lost Pizza Nutrition
Powerschool Mcvsd
Mals Crazy Crab
Kitchen Exhaust Cleaning Companies Clearwater
Feathers
Delta Township Bsa
Schooology Fcps
Cavanaugh Photography Coupon Code
How Much Is An Alignment At Costco
Jambus - Definition, Beispiele, Merkmale, Wirkung
Capital Hall 6 Base Layout
Everstart Jump Starter Manual Pdf
Petsmart Distribution Center Jobs
Microsoftlicentiespecialist.nl - Microcenter - ICT voor het MKB
Morlan Chevrolet Sikeston
Strange World Showtimes Near Atlas Cinemas Great Lakes Stadium 16
Jr Miss Naturist Pageant
Log in or sign up to view
The Vélodrome d'Hiver (Vél d'Hiv) Roundup
The best Verizon phones for 2024
Wattengel Funeral Home Meadow Drive
Mckinley rugzak - Mode accessoires kopen? Ruime keuze
The Transformation Of Vanessa Ray From Childhood To Blue Bloods - Looper
Skip The Games Grand Rapids Mi
Qlima© Petroleumofen Elektronischer Laserofen SRE 9046 TC mit 4,7 KW CO2 Wächter • EUR 425,95
Dinar Detectives Cracking the Code of the Iraqi Dinar Market
Directions To Cvs Pharmacy
VPN Free - Betternet Unlimited VPN Proxy - Chrome Web Store
Craigslist Binghamton Cars And Trucks By Owner
Youravon Com Mi Cuenta
Enter The Gungeon Gunther
Clock Batteries Perhaps Crossword Clue
Blippi Park Carlsbad
Latest Posts
Engaging structural greed today: Christians and Muslims in dialogue.
[PDF] a a a a a a a a a a a a a a a a a a a a - Free Download PDF
Article information

Author: The Hon. Margery Christiansen

Last Updated:

Views: 5976

Rating: 5 / 5 (70 voted)

Reviews: 93% of readers found this page helpful

Author information

Name: The Hon. Margery Christiansen

Birthday: 2000-07-07

Address: 5050 Breitenberg Knoll, New Robert, MI 45409

Phone: +2556892639372

Job: Investor Mining Engineer

Hobby: Sketching, Cosplaying, Glassblowing, Genealogy, Crocheting, Archery, Skateboarding

Introduction: My name is The Hon. Margery Christiansen, I am a bright, adorable, precious, inexpensive, gorgeous, comfortable, happy person who loves writing and wants to share my knowledge and understanding with you.