Insider Threat Actor

An insider threat actor is someone who uses their authorized access to an organization's systems or network to cause harm, intentionally or unintentionally. Insider threat actors include current or former employees, contractors, or business associates.

Insider threats can be challenging to detect because the threat actor already has legitimate access to the organization's systems. Some examples of insider threats include:

Malicious insider

Also known as a Turncloak, this actor intentionally abuses their access to steal information for personal or financial gain.

Careless insider

This actor unknowingly exposes the system to outside threats through mistakes like leaving a device exposed.

Collaborator

This actor works with a third party to harm the organization, such as a competitor, nation-state, or criminal network.

Some signs of an insider threat include Logging into the network at odd hours, Accessing information unrelated to their job, Downloading large amounts of data, Copying data to personal devices, and Creating unauthorized accounts.