An insider threat is a current or former employee, or even a contractor or business partner, who has (or has had) access to an agency’s network, systems or data. Through misuse, they negatively influence the confidentiality, integrity or availability of an agency’s data or information systems.
In addition, there are two types of insider threats: malicious and unintentional. As the names suggest, the first one typically a disgruntled employee, while the unintentional threat is someone who has made a mistake that has ultimately compromised data.
In addition, a single, impenetrable defense is no longer practical in today’s world of information sharing. Because agencies have so many employees, contractors and partners, identity must be the new perimeter, which is why we must be vigilante about insider threats.
These are some key insights from a recent podcast interview with Nate Rushfinn, Principal Enterprise Architect at CA Technologies. Be sure to listen to the full interview below.
In addition, in case you missed it, Nate recently authored a two-part Federal Technology Insider series on the topic of insider threats and government, which also dives deeper on this topic.
