Insider threats are some of the most dangerous out there, and everyone is susceptible. 

An insider threat is a malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization's security practices, data and computer systems.

Insider threats occur for a variety of reasons. In some cases, individuals use their access to sensitive information for personal or financial gain. In others, insiders have aligned themselves with third parties, such as other organizations or hacking groups, and operate on their behalf to gain access from within the network of trust and share proprietary or sensitive information.

Another type of insider threat is often referred to as a Logic Bomb. In this instance, malicious software is left running on computer systems by former employees, which can cause problems ranging from a mild annoyance to complete disaster.

As individuals close to the organization, and with privileged knowledge and access to our systems, insider threats are particularly dangerous. Insider threats are often more difficult to identify and block than outside attacks because they don't raise the same flags. Often, warning signs are present but may go unreported for years because colleagues of these individuals are unwilling or hesitant to accept the idea that a trusted co-worker could be acting maliciously.

Businesses are built on teams and require counterparts to trust and support one another, making it difficult for colleagues to acknowledge warning signs and red flags when they are present. This further complicates the challenges that exist in successfully defending against insider threats. Despite these challenges, addressing insider threats to sensitive data is a critical component of any modern security program.

Your Responsibility

Protecting against insider threats is everyone's responsibility. If someone in the office is acting oddly, trying to get information about your system access credentials, ever asks for your password, etc., REPORT THIS ACTIVITY to the CIO.  Additionally, if  you know that someone is extremely displeased with their job or has been saying things regarding the company that seem at all threatening in nature, LET SOMEONE KNOW.