Defending against insider threats is more than just picking the right security solutions. It’s also defining and creating a security program that pulls people, processes, and technology together to effectively defend against these kinds of threats.
An insider threat is malicious activity against an organization that comes from user credentials with legitimate access to an organization’s network, applications, or databases. These credentials can be current employees, former employees, or third parties like partners, contractors, or temporary workers with access to the organization’s physical or digital assets. They can be privileged or service accounts that have automated download functions or normal activities that have been compromised by an identity-based attack. While the term is most commonly used to describe illicit or malicious activity, it can also refer to any user account which causes harm to the business. The following checklist is meant to be a guide when defining an insider threat or insider risk defense program.