Skip to main content

When considering the many faces and motivations behind cyber security attacks, the popular culprits that may come to mind include financially motivated cybercriminals, politically motivated nation-state attackers, socially motivated hacktivists, and more. While these are all valid threats, one group that is often overlooked is the trusted employee and contractor pool within the company. It’s been proven that employees pose a growing threat to companies’ security posture. According to the 2019 Verizon Data Breach Investigations Report, 34% of data breaches involve insider threat actors.

What is an insider threat?


An insider threat is a hazard that originates from an employee or third party who, whether intentionally or unintentionally, misuses their access in a way that exposes the company to risks. Insider threats can be current or former employees, contractors, business partners, and anyone else who has legitimate access to business systems and data. Though the motivations behind the threats can vary, a report from Fortinet concluded that fraud and monetary gain were the biggest factors, driving 50% of malicious insiders. Theft of intellectual property was also another top motivator. 34% of data breaches involve internal threat actors. – 2019 Verizon Breach Report

Five insider threat personas that put organizations at risk:

Persona One: The Criminal Staffer

Unfortunately, though employers seek to hire trustworthy and honest people, sometimes criminals still end up within the organization. The criminal staffer is someone who is intentionally committing fraud or other crimes, often for monetary gain. This could be an employee submitting bogus expense reports, creating fake invoices with payments routed to their personal accounts, and more. While background checks and vetting can help weed out high-risk individuals, in the beginning, this continues to pose a risk because circumstances change over time. Even the nicest employees can experience behavioral shifts when faced with financial hardship, gambling problems, substance abuse, and other stressors. This was a hard lesson for Punjab National Bank, who was defrauded $1.8 billion by an employee who abused his access and shared his credentials with others to help build a lucrative theft ring.

Persona Two: The Unhappy Employee

The unhappy employee is often disgruntled over factors associated with the workplace. This employee didn’t get the raise they wanted. Someone else got the promotion they’d been working so hard far. They made the company millions of dollars and believed their 1% commission rate was unfair. These perceived mistreatments push this threat actor to justify the crimes they commit. They go on to “take what they rightfully deserve” by stealing from the company or finding other ways to negatively impact those they feel they’ve been wronged by.

Persona Three: The Former Colleague

The former colleague resurrects from separation from the company and comes back to haunt everyone. Employees who have resigned or have been terminated don’t always leave amicably. These frustrated insiders can delete critical files in an attempt to sabotage the business, export and steal sensitive data for use in future jobs, create backdoors so that they can access company resources well after they are gone, and more. For example, Coca-Cola was forced to disclose a data breach after an employee who left the company took computer files that included personal information on about 8,000 individuals.

Persona Four: The Careless Worker

Not all insider threats stem from employees who intend to harm the company. Some employees simply don’t know that they are exposing the business to risk. The careless worker is the one who clicks on every phishing email, promising that they’ve won a million dollars. This employee writes their password on a sticky note at their desk. Or, gives the random caller posing as tech support their social security number for verification. Or, post pictures of your highly confidential product plans on social media so followers can see how cool your company is. While this employee may not intend to do harm, they put your company at grave risk. For example, within a span of one week, five different healthcare providers disclosed breaches that occurred because of phishing emails that careless employees clicked on. These careless actions impacted thousands of patients.

Persona Five: The Risky Contractor

Third parties continue to pose a considerable risk to businesses. Between 2018 and 2019, third-party breaches increased by 35%. Other commonly overlooked insiders, contractors, and business partners have the ability to impact your security and cause breaches as well. Like employees, the risky contractor can click on phishing emails, leak data, share their passwords, provide a vulnerable API connection, and more. This lesson became very real for Quest Diagnostics, who reported sensitive data on almost 12 million patients had been exposed after attackers gained unauthorized access to their system via one of their third-party collection partners.

Addressing insider threats

Breaches that stem from insiders are usually harder to detect due to the insider knowledge and authorized access the threat actors have. Insiders are able to bypass typical security controls and remain unnoticed for years. This can result in more significant financial and reputational damages than threats from external parties.

Combatting this requires a robust cyber security plan. Key fundamentals are to have a robust vetting and hiring process, train employees on risks and best practices to prevent becoming threats, create a vendor management program that includes security requirements and controls for third parties, control and monitor access to resources, and segregate duties amongst individuals or roles. In addition, ensure that you have outlined proactive ways to detect and respond to insider threats, including a workplace investigation process.


Sometimes, the biggest threats to organizations are not hackers and criminals fighting to get in from the outside. Trusted employees and third parties on the inside often pose one of the greatest risks to businesses. Whether criminally motivated, disgruntled, naïve, or vengeful when your employees pose a threat, it’s essential to both recognize and be prepared to respond as quickly as possible.