What is an Insider Threat?

Several of us have been discussing in a thread at the Security Calayst Community Forums, and we all have differing opinions on what constitutes an "insider threat." In my opinion an insider threat is a party who has the capability and intention of exploiting a vulnerability in an asset. An example "what if" somebody brought up was this:

Does you CFO carry acopy of the books on a USB so they can do work at home? If so, is it attached to their keychain, and do they every use valet parking or get their car serviced?

The threat here then is whoever finds that usb key or the kid parking cars at the valet. The CFO carrying around financial information with him all the time would constitute a vulnerability, not threat.

Should we consider accidental poicy violations as threats? I know many of the statistics that report 80% of all attacks are because of insiders. Sounds more like marketing FUD to me, to get you to buy some product. Often that statistic includes incidents where an employee would try and access SecurityFocus website and WebSense returns "inappropriate - hacking."

Posted by Marcin on Wednesday, February 21, 2007 in Security.