Defining Insider Threats | CISA (2024)

Insider threats present a complex and dynamic risk affecting the public and private domains of all critical infrastructure sectors. Defining these threats is a critical step in understanding and establishing an insider threat mitigation program. The Cybersecurity and Infrastructure Security Agency (CISA) defines insider threat as the threat that an insider will use their authorized access, intentionally or unintentionally, to do harm to the department’s mission, resources, personnel, facilities, information, equipment, networks, or systems. Insider threats manifest in various ways: violence, espionage, sabotage, theft, and cyber acts.

What is an Insider?

An insider is any person who has or had authorized access to or knowledge of an organization’s resources, including personnel, facilities, information, equipment, networks, and systems.

Examples of an insider may include:

  • A person the organization trusts, including employees, organization members, and those to whom the organization has given sensitive information and access.
  • A person given a badge or access device identifying them as someone with regular or continuous access (e.g., an employee or member of an organization, a contractor, a vendor, a custodian, or a repair person).
  • A person to whom the organization has supplied a computer and/or network access.
  • A person who develops the organization’s products and services; this group includes those who know the secrets of the products that provide value to the organization.
  • A person who is knowledgeable about the organization’s fundamentals, including pricing, costs, and organizational strengths and weaknesses.
  • A person who is knowledgeable about the organization’s business strategy and goals, entrusted with future plans, or the means to sustain the organization and provide for the welfare of its people.
  • In the context of government functions, the insider can be a person with access to protected information, which, if compromised, could cause damage to national security and public safety.

What is an Insider Threat?

Insider threat is the potential for an insider to use their authorized access or understanding of an organization to harm that organization.

This harm can include malicious, complacent, or unintentional acts that negatively affect the integrity, confidentiality, and availability of the organization, its data, personnel, or facilities. External stakeholders and customers of the Cybersecurity and Infrastructure Security Agency (CISA) may find this generic definition better suited and adaptable for their organization’s use.

CISA defines insider threat as the threat that an insider will use their authorized access, wittingly or unwittingly, to do harm to the department’s mission, resources, personnel, facilities, information, equipment, networks, or systems. This threat can manifest as damage to the department through the following insider behaviors:

  • Espionage
  • Terrorism
  • Unauthorized disclosure of information
  • Corruption, including participation in transnational organized crime
  • Sabotage
  • Workplace violence
  • Intentional or unintentional loss or degradation of departmental resources or capabilities

What are the Types of Insider Threats?

  • Unintentional Threat
    • Negligence – An insider of this type exposes an organization to a threat through carelessness. Negligent insiders are generally familiar with security and/or IT policies but choose to ignore them, creating risk for the organization. Examples include allowing someone to “piggyback” through a secure entrance point, misplacing or losing a portable storage device containing sensitive information, and ignoring messages to install new updates and security patches.
    • Accidental – An insider of this type mistakenly causes an unintended risk to an organization. Examples include mistyping an email address and accidentally sending a sensitive business document to a competitor, unknowingly or inadvertently clicking on a hyperlink, opening an attachment in a phishing email that contains a virus, or improperly disposing of sensitive documents.
  • Intentional Threats – The intentional insider is often synonymously referenced as a “malicious insider.” Intentional threats are actions taken to harm an organization for personal benefit or to act on a personal grievance. For example, many insiders are motivated to “get even” due to a perceived lack of recognition (e.g., promotion, bonuses, desirable travel) or termination. Their actions can include leaking sensitive information, harassing associates, sabotaging equipment, perpetrating violence, or stealing proprietary data or intellectual property in the false hope of advancing their careers.
  • Other Threats
    • Collusive Threats – A subset of malicious insider threats is referred to as collusive threats, where one or more insiders collaborate with an external threat actor to compromise an organization. These incidents frequently involve cybercriminals recruiting an insider or several insiders to enable fraud, intellectual property theft, espionage, or a combination of the three.
    • Third-Party Threats – Additionally, third-party threats are typically contractors or vendors who are not formal members of an organization, but who have been granted some level of access to facilities, systems, networks, or people to complete their work. These threats may be direct or indirect threats.

How Does an Insider Threat Occur?

Insider threats manifest in various ways: violence, espionage, sabotage, theft, and cyber acts. Expressions of insider threat are defined in detail below.

Expressions of Insider Threat

  • Violence – This action includes the threat of violence, as well as other threatening behaviors that create an intimidating, hostile, or abusive environment.
    • Workplace/organizational violence is any action or threat of physical violence, harassment, sexual harassment, intimidation, bullying, offensive jokes, or other threatening behavior by a co-worker or associate that occurs in a person’s place of employment or while a person is working.
    • Terrorism as an insider threat is an unlawful use of or threat of violence by employees, members, or others closely associated with an organization, against that organization. Terrorism’s goal is to promote a political or social objective.
  • Espionage – Espionage is the covert or illicit practice of spying on a foreign government, organization, entity, or person to obtain confidential information for military, political, strategic, or financial advantage.
    • Economic Espionage is the covert practice of obtaining trade secrets from a foreign nation (e.g., all forms and types of financial, business, scientific, technical, economic, or engineering information and methods, techniques, processes, procedures, programs, or codes for manufacturing).
    • Government Espionage is covert intelligence-gathering activities by one government against another to obtain political or military advantage. It can also include government(s) spying on corporate entities such as aeronautics firms, consulting firms, think tanks, or munition companies. Government espionage is also referred to as intelligence gathering.
    • Criminal Espionage involves a U.S. citizen betraying U.S. government secrets to foreign nations.
  • Sabotage – Sabotage describes deliberate actions to harm an organization’s physical or virtual infrastructure, including noncompliance with maintenance or IT procedures, contaminating clean spaces, physically damaging facilities, or deleting code to prevent regular operations.
    • Physical Sabotage is taking deliberate actions aimed at harming an organization’s physical infrastructure (e.g., facilities or equipment).
    • Virtual Sabotage is taking malicious actions through technical means to disrupt or stop an organization’s normal business operations.
  • Theft – Theft is the act of stealing, whether money or intellectual property.
    • Financial Crime is the unauthorized taking or illicit use of a person’s, business’, or organization’s money or property with the intent to benefit from it.
    • Intellectual Property Theft is the theft or robbery of an individual’s or organization’s ideas, inventions, or creative expressions, including trade secrets and proprietary products, even if the concepts or items being stolen originated from the thief.
  • Cyber – Cyber threat includes theft, espionage, violence, and sabotage of anything related to technology, virtual reality, computers, devices, or the internet.
    • Unintentional Threats are the non-malicious (frequently accidental or inadvertent) exposure of an organization’s IT infrastructure, systems, and data that causes unintended harm to an organization. Examples include phishing emails, rogue software, and “malvertising” (embedding malicious content into legitimate online advertising).
    • Intentional Threats are malicious actions performed by malicious insiders who use technical means to disrupt or halt an organization’s regular business operations, identify IT weaknesses, gain protected information, or otherwise further an attack plan via access to IT systems. This action can involve changing data or inserting malware or other pieces of offensive software to disrupt systems and networks.

Resources

  • CISA Insider Threat Mitigation Guide
  • The Carnegie Mellon University Software Engineering Institute’s CERT Definition of 'Insider Threat' provides an updated definition of insider threat, including the potential for physical acts of harm.
FAQs

What is considered an insider threat?

An insider threat is a cyber security risk introduced by an individual with access to a company's systems and data. Insider threats can arise from anyone with authorized access to a company's underlying network and applications, such as employees, partners, vendors, interns, suppliers, or contractors.

Which definition best describes insider threat?

Typically, an insider threat in cybersecurity refers to an individual using their authorized access to an organization's data and resources to harm the company's equipment, information, networks, and systems.

What are the four types of threats?

Threats can be classified in four categories: direct, indirect, veiled, or conditional.

What are the cybersecurity terms to describe insider threats?

The two types of insider threats in cybersecurity are known as malicious insiders, who intend to harm their organization, and inadvertent insiders, who accidentally cause harm without malicious intent.

What is an insider threat according to NIST?

According to the NIST glossary, an insider threat is “the threat that an insider will use her/his authorized access, wittingly or unwittingly, to do harm to the security of the United States.”

What is a reportable insider threat?

An insider threat uses authorized access, wittingly or unwittingly, to harm national security through unauthorized disclosure, data modification, espionage, terrorism, or kinetic actions resulting in loss or degradation of resources or capabilities.

What are two of the three types of insider threats?

Understanding how insider threats manifest is crucial for effective cybersecurity. Organizations typically face three types of insider threats: negligent, complacent, and malicious insiders. Each type poses unique challenges and requires tailored strategies to mitigate.

Which of the following is not a type of insider threat?

Unusual work hours or access patterns, unauthorized access to sensitive information, and expressing dissatisfaction with the organization are all potential indicators of insider threats. However, frequent software updates are not typically considered an insider threat indicator.

Which of the following is not considered a potential insider threat?

One potential insider threat indicator that is NOT considered is "High job satisfaction." While high job satisfaction is generally seen as a positive attribute, it is not typically considered a potential indicator of insider threat.

What classifies as a threat?

If someone communicates any statement or indication of an intention to inflict pain, injury, damage, or other hostile action in an illegal manner, to include in a manner that manipulates the US legal system, that's a threat.

What are the 8 internal threats?

There are eight threats to internal validity: history, maturation, instrumentation, testing, selection bias, regression to the mean, social interaction and attrition.

How do you identify threats?

Threat identification is the process of determining potential risks to a system by using checklists, traceability links, and various strategies such as injury, entry point, threat, and vulnerability arguments.

What is considered as insider threats?

An insider threat can happen when someone close to an organization with authorized access misuses that access to negatively impact the organization's critical information or systems. This person does not necessarily need to be an employee—third-party vendors, contractors, and partners could also pose a threat.

What best describes an insider threat?

The Cybersecurity and Infrastructure Security Agency (CISA) defines insider threat as the threat that an insider will use their authorized access, intentionally or unintentionally, to do harm to the department's mission, resources, personnel, facilities, information, equipment, networks, or systems.

What is the most common form of insider threat?

One of the most common examples of an unintentional insider threat is when someone falls victim to social engineering and gives up employee access privileges to valuable assets or data. Another typical example of an unintentional insider threat is insecure file sharing.

What is considered a potential insider threat vulnerability?

Insider threat is generally considered the potential for an individual to use authorized access to an organization's assets to knowingly or unknowingly do harm. The damage from insider threats can manifest as espionage, theft, sabotage, workplace violence, or other harm to people and organizations.

What is the difference between an outsider and an insider threat?

While both insider and outsider security threats pose significant risks to an organization, insider threats are often considered more challenging to detect and prevent due to the inherent trust and access granted to these individuals, or applications.

Article information

Author: The Hon. Margery Christiansen