Back to glossary

Insider Threat

An insider threat describes cybersecurity risk associated with malicious behavior by people within an organization. The common scenario is an employee, former employee, or contractor who misuses their access to sensitive information or privileged resources in order to exfiltrate data. 

Insider threats can be difficult to identify and prevent because they are often invisible to traditional security measures and may exploit authorized logins. Insider threats stem from individuals with authorized access or knowledge of an organization's resources – including information systems, networks, credentials, and cloud accounts. 

There are three main types of insider threats: malicious insiders, who intentionally abuse their access to steal information for personal or financial gain; careless insiders, who unknowingly expose the system to outside threats; and moles, who are outsiders who pose as employees or partners to gain insider access to a privileged network. 

To mitigate insider threats, organizations should implement effective policies, procedures, and controls; provide employee awareness and training programs; and use technological solutions such as DDR to identify suspicious behavior by actors who have the correct permissions.