Anyone with privileged access to classified, sensitive, or proprietary data has the potential to become an “insider threat” to companies. The idea of insiders has haunted the minds of security professionals for centuries and, in today’s technology-driven society, the opportunities for insiders to distribute and transfer information outside of the company have only multiplied. While the motivation for insiders to steal information has remained fairly constant overtime, (money, ideology, ego, coercion) Jeffery Jones and Ryan Averback define and detail three distinct categories of insiders that have emerged: trusted unwitting insider, trusted witting inside, and the untrusted insider.
The trusted unwitting insider threat is typically a person with legitimate access to a computer system or network, but who unknowingly assists in transmitting information. The trusted witting insider on the other hand, has the same type of access but this person makes a conscious decision to transmit information. Technical controls stand little chance against the new breed of untrusted insiders that have developed during the digital age, simply because network security is good at “stopping the wolf, but differentiating the wolf from the sheep is an extremely difficult problem to solve.”