An individual acknowledged or received as a member of a group, category or organization, who has access to confidential data and/or has authority within the group or organization.
An insider is a director, senior officer, or any person that owns more than ten percent of a company's shares and can retrieve information that is generally restricted and privileged. This means that if you were an insider, you'd have private knowledge or influence granted to very few people. The term can be used with positive, negative, or neutral connotations.
Insider threats arise when a person with authorized access, either in the past or in the present, maliciously or accidentally operates in a way that could negatively impact the organization. Insider threats represent one of the main cybersecurity issues for many established organizations. According to Ponemon Institute, 2020 Cost of Insider Threats Global Report, insider threats have increased by 47% from 2018 to 2020.
Insiders are familiar with where the sensitive information is located and have a way to access it. When an insider causes a data breach, there are significant costs for a company to remedy the situation and prevent it from happening again.
Real-World Examples of an Insider
In 2010 Greg Chung, a Chinese national, was accused of storing more than 225,000 pages of documentation on aerospace and defense technology developed by Boeing and allegedly planned to share it with China. He was sentenced to more than 15 years in prison.
In 2015, Ubiquiti Networks employees received emails from senior executives instructing them to transfer $40 million to a bank account. This act was defined as CEO fraud or business email compromise.
In 2020 former Waymo engineer was sentenced to 18 months in prison because Uber had allegedly employed him to use his insider information on self-driving car technology for their project.
Types of Insiders
Insiders that act to the disadvantage of the organization are classified into four categories:
- Goofs are people who don't follow security rules for their convenience or because they haven't taken the time to familiarize themselves with them.
- Pawns unintentionally carry out malicious acts by downloading malware or by revealing credentials to a third party by mistake.
- Lone wolves act without any external pressure.
- Collaborators work together with competitors and others whose intention is to damage the organization.
History of Insider
Perhaps one of the best-known insiders is Martha Stewart, who was sentenced to five months in prison and five months in home confinement for selling a stock she called "a small personal matter." Still, the term's history began in 1909 when the Supreme Court made it clear that executives could not use confidential information for their gain.
Then, in 1934 the Securities Exchange Act was passed, and it was allowed to prosecute insider trading. Thirty-four years later, in 1968, an appeals court ruled that anyone possessing information must reveal it to all investors. This happened when a Texas company discovered a site that was rich in copper. Executives began trading the company stocks before releasing the information, and company shareholders took them to court.
In 1980 and 1983, the Supreme Court pardoned defendants accused of insider trading because there was no confidential relationship between the insider and the person who tipped him. Secondly, the responsibility belonged to the source of the tip.