insider threat

An insider threat is a malicious hacker (also called a cracker or a black hat) who is an employee or officer of a business, institution, or agency. The term can also apply to an outside person who poses as an employee or officer by obtaining false credentials. The cracker obtains access to the computer systems or networks of the enterprise, and then conducts activities intended to cause harm to the enterprise.

Insider threats are often disgruntled employees or ex-employees who believe that the business, institution, or agency has "done them wrong" and feel justified in gaining revenge. The malicious activity usually occurs in four steps or phases. First, the cracker gains entry to the system or network. Secondly, the cracker investigates the nature of the system or network in order to learn where the vulnerable points are and where the most damage can be caused with the least effort. Thirdly, the cracker sets up a workstation from which the nefarious activity can be conducted. Finally, the actual destructive activity takes place.

The damage caused by an insider threat can take many forms, including the introduction of viruses, worms, or trojan horses; the theft of information or corporate secrets; the theft of money; the corruption or deletion of data; the altering of data to produce inconvenience or false criminal evidence; and the theft of the identities of specific individuals in the enterprise. Protection against the insider threat involves measures similar to those recommended for Internet users, such as the use of multiple spyware scanning programs, anti-virus programs, firewalls, and a rigorous data backup and archiving routine.

This was last updated in January 2017


Join the conversation



Look at Carnegie Mellon's Software Engineering Institute/CERT's work on insider threat to gain a far deeper view into this topic.
Consider a broader definition of Insider Threat. Others include the "unwitting insider" who possesses trusted access to important resources but whose negligence or ignorance exposes the organization to additional risk. Also, consider threats to physical security such as sharing passcodes or blocking open doors, theft of valuable data and resources that require no hacking, and employees who threaten or demonstrate violent actions that threaten data, property, or the health and lives of employees or customers. The common thread to all aspects of a broader definition is that an individual is granted trusted access that allows them to pose a threat that an outsider could not.

