Although this paper is focused on threats from the Internet, insiders (anyone who has legitimate access to your systems as an employee or a contractor) should also be considered as part of a holistic security regime. They may be motivated by personal gain or redress against grievances.
An insider could simply use their normal access to compromise your information, or take advantage of unlocked computers or guessable passwords. They could use social engineering techniques (fooling people into breaking normal security procedures) to gain further access. They may even have the technical skills to use commodity tools and techniques to become a ‘hacker within the system’, with the opportunity to cause greater damage and steal information at will. In the worst-case scenario, an insider could be working for an adversary who can develop bespoke tools, and introduce these deep within your organisation. Assessing which (if any) of these scenarios is likely should be a critical part of your risk assessment process.
Without appropriate training, insiders can also accidentally compromise a system or the information it holds. So make sure that particular care is taken when evaluating all aspects of the insider threat as part of your organisation’s overall assessment of cyber risks, referring to external guidance where required.
Source of Information
Information taken from the National Cyber Security Centre pdf “Common Cyber Attacks: Reducing the Impact”