Virtualization Technology News and Information
What are Insider Threats, and Why do They Occur?

By PJ Bradley

When you have a business to secure, the possibility of an external attack feels like enough to handle without the added worry of threats from inside the company. The prospect is daunting, but insider threats can pose a serious risk to an organization and should be taken seriously. The first step to protecting against insider threats is understanding what they are and where they come from. Though the challenges posed by insiders can be difficult to surmount, doing so is not impossible. Armed with the correct information and resources, preventing insider threats from arising doesn't have to be overly complicated.

What is an Insider Threat?

An insider threat is defined by the United States Cybersecurity and Infrastructure Security Agency (CISA) as "the potential for an insider to use their authorized access or understanding of an organization to harm that organization." The term is broad by design, and it covers a wide variety of actions and consequences. Insider threats can take the form of espionage, sabotage, theft, data leakage, and even physical violence. Insider threats can be more dangerous and difficult to prevent than external ones, as it is challenging to curb an insider's potential risk without hindering their function in the company.

Insiders can be anyone from employees and contractors to custodians and repair people. There are many individuals involved in the business at all levels, and each one has the potential to use their knowledge and authorized access to cause damage to an organization. Some level of access is necessary for a job to get done, but insiders are often granted authorization for areas that should be restricted. Ensuring that internal actors are only allowed into areas of the network or business they must be in is an essential step in fighting insider threats.

Why do Insider Threats Occur?

Because "insider threat" is an umbrella term for many types of risks, it makes sense that these threats also stem from many root causes. An insider may pose a threat because of personal, political, or professional allegiances, ignorance of security best practices, simple negligence, or other reasons. Discussing these reasons in three major categories makes the most sense: threats where an insider intentionally sets out to do harm, threats where the insider causes harm inadvertently, and threats where another party compromises an insider's access.

Malicious Insiders

Threats from insiders who intend to harm are often motivated by negative feelings toward the organization. Whether acting on their own personal vendetta or on behalf of a competing company, foreign government, or another third party, these bad actors can use their inside access to hurt the target organization. They can be financially motivated, stealing money directly from their organization or committing sabotage or espionage for payment from another party. They can also be emotionally motivated if an insider feels the company has wronged them, such as by underpaying them or passing them over for a promotion. According to one analysis, malicious insiders are the least common type of insider threat but far more costly per incident than accidental insider threats.

Unintentional Threats

By far, the most common type of insider threat is the unintentional threat posed by the ignorance or negligence of an insider. Employees, contractors, partners, and other internal actors can have access to accounts, devices, and areas of the network that those outside the organization are barred from, but they are not always trained on security protocols for the technology and data in their hands. All insiders must receive training in cybersecurity best practices and specific policies to keep your organization safe. This kind of threat is less costly per incident, but overall the most expensive category due to sheer volume.

Compromised Accounts and Devices

These threats occur when an outsider gains access to an insider's account or device to cause harm to the organization. Criminal actors outside a company can obtain credentials, steal devices, or deploy malware as a way into the organization, depending on their ultimate goals and the methods they plan to use to get there. They can use employee credentials and devices to steal data, steal money, or hinder business operations. They can also use phishing to infect one device with malware and then use that device to further infect the network, sabotaging the organization. This type of threat is not extremely common, but it is the most costly per incident. Because the attacker needs to somehow gain access to employee resources, cybersecurity training and cyber hygiene policies can go a long way in preventing this kind of incident.


Insider threats are a dynamic and formidable force to be reckoned with. When avoiding the fallout of a potential incident, "there are a variety of tools and strategies that organizations can use to rein in their insider risk and prevent threats." With knowledge of insider threats and their motivations, you should be equipped to decide which preventive measures and solutions to implement for your organization.



PJ Bradley 

PJ Bradley is a writer on a wide variety of topics, passionate about learning and helping people above all else. Holding a bachelor's degree from Oakland University, PJ enjoys using a lifelong desire to understand how things work to write about subjects that inspire interest. Most of PJ's free time is spent reading and writing. PJ is also a regular writer at Bora.

Published Wednesday, March 29, 2023 7:30 AM by David Marshall