Insider Threat Awareness Month

September 2023 is the fifth annual National Insider Threat Awareness Month, according to the National Counterintelligence and Security Centre.

What is Insider Threat Awareness?

Like cybersecurity awareness, insider threat awareness is the importance of being aware and vigilant when it comes to protecting sensitive organisation information from malicious insiders, account compromise attacks as well and accidental incidents.

What is an Insider?

An insider is anyone that has, or has had access to an organisation’s resources, facilities, information, network or systems.

What, Exactly, is an Insider Threat?

An Insider Threat is someone who has authorised access to an organisation’s assets that either intentionally or accidentally causes harm to those assets.

Whether it involves a disgruntled employee seeking retribution, a worker looking to profit over the sale of proprietary data, or simply someone accessing data for the sake of curiosity, insiders are as important a consideration as any external threat. An external attacker who compromises a user’s account is also considered an insider threat since that individual now has authorised access to that user’s accounts, data, and applications.

 

Resources:

1. 2023 Insider Threat: Vigilance Campaign – The 2023 Insider Threat Vigilance Campaign by the Centre for Development of Security Excellence (CDSE) provides regular messaging around insider threat awareness material that can help reinforce understanding – https://www.cdse.edu/Portals/124/Documents/jobaids/insider/INTVigilanceCampaign.pdf

2. National Insider Threat Awareness Month (NITAM) – https://securityawareness.usalearning.gov/cdse/nitam/index.html

3. Naked Insider has a vast library of articles, videos and books providing a wide array of education and awareness of the risk the trusted insiders can pose – www.nakedinsider.com