A cyber insider is an employee who (knowingly or unknowingly) misuses legitimate access to IT to commit a malicious act or damage their employer.
The threat from cyber insiders is a significant concern for businesses. An attack may take many forms – e.g. stealing large volumes of data via e-mail or removable media, attempting to sabotage IT systems to disrupt key services, manipulating data for personal/disruptive gain or abusing access to commit fraud.
Personal data is also at risk from insider fraud. There have been instances of employees abusing their access rights to search corporate databases or steal vast quantities of data (e.g. credit card details) to enable fraud. Whilst many of these insider acts are opportunistic in nature some are linked to wider organised crime networks that cultivate employees in key positions.
Whilst protective monitoring systems will enable identification of the cyber insider after the crime has been committed, they will not pick up any precursor activities which might have raised alarm bells. Employers need to educate staff on practices such as online social engineering, raise awareness of the importance of personal information security, and develop approaches and techniques that limit opportunities for insider acts.