The insider threat is a risk that comes from the people within the organisation, such as (ex-) employees, contractors, business partners and third parties. Some experts argue that employees are the biggest threat to companies, because they have legitimate credentials and access to data and systems which can cause much damage when abused.
There are many definitions of the insider threat. The CERT Division of the United States Software Engineering Institute defines the insider threat as: “a current or former employee, contractor, or business partner who has or had authorized access to an organisation’s network, system, or data and intentionally exceeded or misused that access in a manner that negatively affected the confidentiality, integrity, or availability of the organisation’s information or information systems”. The perpetrator is called a malicious insider.
Please find the full article attached to this page.