Insider Threats

(OBJ 2.1)

Cybersecurity threats that originate from within the organization
- Have access to the organizations intimate data and infraestructure
- Makes them potentially more damaging than a external attacker
Will have varying levels of capabilities
The impact of an insider threat is largely determined by the individual roles or access, also influenced by the stillness of the actor

Each insider threat is driven by different motivations

Some are driven by financial gain and they want to profit from the sale of sensitive organizational data to others
Some may be motivated by revenge and are aiming to harm the organization due to some kind of perceived wrong levied against the insider
- Recently fire employee acting on the last day of work
Some may take actions as a result of carelessness or a lack of awareness of cybersecurity best practices
Infamous case of Edward Snowden
- NSA and US government classify him as an Insider threat
- He leaked a vast amount of classified information to the media to reveal extensive global surveillance programs run by the National Security Agency (NSA) that he disagreed with.
- Its knowledge allow him to steal a ton of data without the NSA detecting it.
- Most massive and most massive and most damaging theft of intelligence information in the history of the US.
  - Most of the impact revolved about National Security and diplomatic relations

Insider threat refers to the potential risk posed by individuals within an organization who have access to sensitive information and systems, and who may misuse this access for malicious or unintended purposes
To mitigate the risk of an insider threat being successful, organizations should implement the following
- Zero-trust architecture
- Employ robust access controls
- Conduct regular audits
- Provide effective employee security awareness programs