Who or What is an Insider Threat

There are many government agencies, security vendors, and corporations that try to define “Insider Threat”. I don’t like most of them as it’s a very complicated problem that resists a simple definition. Brevity is further hampered by the fact that insider problems occur across nearly all forms of organizations and involve a range of potential crimes.

My best effort for a concise definition that I have broken up for clarity is:

An individual who has (or had) authorized access,

Acts or fails to act,

In a malicious, negligent, apathetic, or ignorant (i.e., improperly trained) manner,

That could negatively impact the entity.

This definition is useful to firms in helping them understand where potential issues can occur and what they need to focus on.