
Insider Risk

An "insider" refers to a current or former employee, contractor, or business partner who has or had authorized access to an organization's network, system, data, or facilities. They may misuse this access to negatively impact the confidentiality, integrity, or availability of the organization's information, information systems, business processes, employee safety, or asset security. Insiders often possess unique information and knowledge that would be challenging for an external attacker to obtain, such as specific security implementations, personnel procedures, patterns of life, equipment malfunctions, or uncorrected vulnerabilities.

There are three main categories of insider:

  • The passive insider might pass information to an outsider to assist the outsider in accomplishing their goal. This assistance might be intentional or unintentional. (A good example of an unintentional passive insider is someone who clicks a link in an email that unleashes a malware attack.)

  • The second category is the active nonviolent insider. This person can act alone or in concert with an outsider. They are willing to steal, disrupt, and commit fraud or espionage, but stop short of violence.

  • Finally, the active violent insider seeks to cause significant physical damage to an organization's security, systems, and critical assets. They are prepared to take extreme risks, including risking their life and using deadly force or weapons, to achieve their mission. The worst form of this is the workplace active shooter.

Every organization should consider its insider risks, and may elect to set up an insider risk mitigation program. There is a lot of good material available from the federal governments of Canada and the US.

If you have any questions or comments about insider risk mitigation planning, please let me know.