An insider threat is a current or former employee, or even a contractor or business partner, who has (or has had) access to an agency’s network, systems or data. Through misuse, they negatively influence the confidentiality, integrity or availability of an agency’s data or information systems.
In addition, there are two types of insider threats: malicious and unintentional. As the names suggest, the first one typically a disgruntled employee, while the unintentional threat is someone who has made a mistake that has ultimately compromised data.
In addition, a single, impenetrable defense is no longer practical in today’s world of information sharing. Because agencies have so many employees, contractors and partners, identity must be the new perimeter, which is why we must be vigilante about insider threats.
These are some key insights from a recent podcast interview with Nate Rushfinn, Principal Enterprise Architect at CA Technologies. Be sure to listen to the full interview below.