{"id":1588,"date":"2022-12-05T09:52:48","date_gmt":"2022-12-05T14:52:48","guid":{"rendered":"https:\/\/securityeverafter.com\/?p=1588"},"modified":"2023-01-30T08:53:09","modified_gmt":"2023-01-30T13:53:09","slug":"what-are-insider-threats-in-cybersecurity","status":"publish","type":"post","link":"https:\/\/securityeverafter.com\/what-are-insider-threats-in-cybersecurity\/","title":{"rendered":"What are Insider Threats in Cybersecurity?"},"content":{"rendered":"
\n

What are Insider Threats in Cybersecurity?<\/h1>\n

\"Finger<\/p>\n<\/div>\n

A Cybersecurity Insider Threat occurs when someone with access chooses to or gets tricked into using that access to harm your company.<\/h2>\n

Insider Threats in cybersecurity can be employees, contractors, vendors, or visitors, and their intent can be either intentional or accidental.<\/p>\n

An example scenario where this might happen is in the healthcare industry. Medical providers often need to move information about patients across poorly integrated systems. Wanting to get their job done, the provider might decide to circumvent technology tools and plug in a USB drive to help speed things up. This USB drive might then extract sensitive information and provide it to others who do not need it.<\/p>\n

Another example of USB risks is when a vendor or service provider needs to perform maintenance on specialized medical equipment. They use a USB to transfer essential configuration files, which leads to sharing malware acquired from previous clients. Triggers that may warrant additional focus include employment actions, including resignation, termination, job transfer, or the individual becoming disgruntled or unhappy with their working conditions.<\/p>\n

Resources you can use to learn more about Cybersecurity Insider Threats:<\/h2>\n
1 – CISA<\/a> provides an Insider Risk Self-Assessment tool.<\/span><\/a><\/div>\n
<\/div>\n
2 – Carnegie Melon<\/a> provides their CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud) (SEI Series in Software Engineering) 1st Edition<\/a> and the Insider Threat website<\/a>.<\/div>\n
<\/div>\n
3 – The Director of National Intelligence ( DNI ) website<\/a> houses the National Insider Threat Task Force (NITTF)<\/a>, the\u00a0National Insider Threat Policy<\/a>, and the\u00a0National Insider Threat Awareness Month each September<\/a>, along with YouTube<\/a> and Twitter<\/a> accounts you might find interesting.<\/div>\n
<\/div>\n
4 – The recently released report from Kroll – Q3 2022 Threat Landscape: Insider Threat, The Trojan Horse of 2022<\/a>.<\/div>\n
<\/div>\n
\n

\"Words<\/p>\n<\/div>\n

So now that you know about Cybersecurity Insider Threats, how can you treat this ever-present risk?<\/h2>\n

You must plan for this risk in advance to reduce the likelihood of Cybersecurity Insider Threats in your company.<\/p>\n

Specific steps include:<\/p>\n