An insider threat is any malicious or unintended security threat to an organization's data or information systems posed by an individual in the organization or operating inside the organization. A malicious insider is arguably more dangerous than an external hacker. There are three main reasons for this.
First, all of a company's sensitive data is within an arm's reach for an insider. Even if malicious insiders don't have privileged access to data, they may know what information to target, the location where it's stored, and how to obtain it.
Second, most companies trust their employees; so the malicious insider can easily slip under the radar. It might take a long time for the company to discover it was an insider that initiated the breach, because that's often the last person a company would suspect.
Third, malicious insiders have more opportunities to cover their tracks and hide their crime. Compared to an outsider, it's relatively easy for an insider to delete audit logs in Active Directory (AD); likewise, an insider doesn't need to breach any perimeter defenses to access the network.
To prevent insider threats:
Defend against sophisticated threats.
Get started with Log360 UEBA.Download
© 2019 Zoho Corp. All rights reserved.