An insider threat is a security risk that originates from within the target organization and usually involves employees, vendors, executives, contractors or anyone else who works within the business.

It is the risk posed by people who already have access to an organization's physical or digital assets. These attacks are dangerous because they are hard to detect until the moment they occur: from the outside, everything the insider is doing may look legitimate.

The consequences of this type of threat include data breaches, fraud, theft of trade secrets or sabotage.

Types of insider threat

Current employees

Current employees often have privileged access to sensitive and valuable data, which they could exploit for financial gain.

Former employees

These can be seen as malicious insiders. Former employees may intentionally retain access to a system, or pose a security threat by sabotaging cybersecurity measures using their insider knowledge. This is usually done for payback or personal gain.

Moles

External threat actors can gain the trust of a current employee in order to obtain insider access to systems and data. This usually occurs when threat actors are hoping to steal trade secrets.

Unintentional insider threats

This occurs when employees inadvertently pose a significant risk because they do not comply with security policies, or because they use systems or data negligently.

Indications of an insider threat

Insider threats are usually accompanied by one or more of the following indicators:

  • Disgruntled employees
  • Evidence of a user trying to circumvent access controls
  • Dismantling, turning off or neglecting security controls
  • An employee frequently working late when few others are around
  • Violations of other corporate policies
  • Accessing or downloading large volumes of information
  • Accessing (or attempting to access) applications or data not required for their job function
  • Connecting outside devices to company systems
  • Searching and scanning for vulnerabilities

Detecting and preventing insider threats

  1. Protect sensitive data – put the correct access controls in place and only allow access to the assets required for each job function.
  2. Behavioural analysis – monitoring behaviour on devices can reveal the possibility of an insider threat earlier.
  3. Continuous monitoring using attack surface management tools.
  4. Patch vulnerabilities – make sure any vulnerabilities in your network or software have been patched and that all employees keep their systems up to date.
  5. Proper training on the laws that apply to the data employees handle, including the potential risks and how to keep data safe.
  6. Best practices and compliance procedures build a good foundation for eliminating insider threats.
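The behavioural-analysis step above keys on the indicators listed earlier (off-hours activity, large downloads, access to data outside the job function). The following is an added example, not code from the original page, showing how such indicators can be scored from access-log records; the log records, role-to-resource map and thresholds are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample access-log records (not from the original page):
# (timestamp, user, role, resource, bytes_read)
SAMPLE_LOG = [
    ("2024-03-04 09:12:00", "alice", "finance", "ledger.xlsx", 120_000),
    ("2024-03-04 22:45:00", "alice", "finance", "ledger.xlsx", 90_000),
    ("2024-03-04 23:30:00", "alice", "finance", "hr/salaries.csv", 2_500_000_000),
    ("2024-03-05 10:05:00", "bob", "engineering", "src/repo.tar", 50_000_000),
    ("2024-03-05 10:06:00", "bob", "engineering", "customers.db", 700_000_000),
    ("2024-03-05 21:00:00", "carol", "engineering", "src/repo.tar", 1_000),
]

# Least-privilege baseline: which resources each role legitimately needs (constructed).
ROLE_RESOURCES = {
    "finance": {"ledger.xlsx"},
    "engineering": {"src/repo.tar"},
}

WORK_HOURS = range(7, 20)   # 07:00-19:59 counts as normal working hours (assumed)
BULK_BYTES = 500_000_000    # a single read at or above this size counts as "large" (assumed)


def find_indicators(records, role_resources=ROLE_RESOURCES):
    """Map each user to the sorted list of distinct indicator types they triggered."""
    hits = defaultdict(set)
    for ts, user, role, resource, nbytes in records:
        hour = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S").hour
        if hour not in WORK_HOURS:                      # working late when few others are around
            hits[user].add("off_hours_access")
        if nbytes >= BULK_BYTES:                        # downloading large volumes of information
            hits[user].add("bulk_download")
        if resource not in role_resources.get(role, set()):  # data not required for the job function
            hits[user].add("outside_role_access")
    return {user: sorted(kinds) for user, kinds in hits.items()}


def users_to_review(records, min_indicators=2):
    """Users showing at least `min_indicators` distinct indicator types; one alone is weak evidence."""
    return sorted(u for u, kinds in find_indicators(records).items() if len(kinds) >= min_indicators)


if __name__ == "__main__":
    for user, kinds in find_indicators(SAMPLE_LOG).items():
        print(f"{user}: {', '.join(kinds)}")
    print("review:", users_to_review(SAMPLE_LOG))
```

Requiring two or more distinct indicator types before escalating keeps a single late-night login (carol) from generating an alert on its own, which is how a real programme avoids drowning analysts in noise.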