Insider

Dictionary Term

[ 1 Alternative Forms ] [ 2 Definitions ] [ 2.1 Definition 1 ] [ 2.1.1 Motivations, Risks, and Countermeasures ] [ 2.1.2 Sample Sentences ] [ 2.1.3 Conceptual Diagram ] [ 2.2 Definition 2 ] [ 2.2.1 Sample Sentences ] [ 3 Related Terms ] [ 4 Quotes ] [ 5 Bibliography ] [ 6 See Also ]

Alternative Forms

Company Insider
Organization Insider

Definitions

Definition 1

An insider is an entity, often a person, that is linked to an organization and has accumulated knowledge about that organization, its processes, people, and/or information system through current or past relation and/or authorized accesses. ^⑤^⑧

In addition to knowledge, an insider may hold capabilities granted by the organization such as authority delegation, and/or access permissions to IT systems or physical assets.

An organization trusts its insiders a priori. This trust varies in function of the insider’s roles, relationships, background, or other factors.^⑧

The population of insiders comprises the entities of the extended organization including current and former employees, contractors, board members, external auditors, suppliers, vendors, out-sourcing partners, etc. ^④^⑤

By transitivity, a subset of the insiders of a partner organization become insiders of the partnering organization. This is exemplified in the supply chain attack. ^④

Considering that by definition the organization’s workforce is composed of insiders, the population of insiders is consubstantial to an organization.

Insiders pose a threat called the insider threat because they may accidentally or intentionally cause damage to the organization. Insiders may cause accidents especially if incompetent. Insiders may be compromised by social engineering techniques or bribery. Disloyal insiders may seek vengeance, praise, or financial gains by attacking the organization, thus becoming an inside attacker that perpetrates insider attacks. ^② ^⑥ ^⑧

By contrast, an outsider does not initially have the knowledge, capabilities, and trust of the organization and outside attackers must first find a way to obtain these before attacking an organization.

Because an insider has knowledge, capabilities, and trust, he initially has broader possibilities and opportunities than outsiders. This is exemplified by the privilege abuse threat. Under certain circumstances, an insider may more easily conceal their actions or bypass controls. As a result, insider attacks tend to be harder to prevent, detect and mitigate. Insider attacks also tend to more frequently cause losses and have more severe consequences for the organization. ^② ^④ ^⑦ ^⑧

The population of insiders may be further decomposed into unprivileged insiders and privileged insiders.

The terms insider and outsider are antonyms and constitute a binary classification of mutually exclusive categories. Considering the extended organization, this simple model may be too limited depending on analysis requirements. For instance, some populations such as customers may or may not be considered insiders depending on circumstances. Also, entities may belong to multiple populations (e.g.: a former employee that is a customer and a supplier) making it complex to draw clear boundaries. A model that reflects this complexity is the Access Continuum model.

Motivations, Risks, and Countermeasures

See insider threat, inside attacker, and insider attack.

Sample Sentences

Bob, an employee of Acme corporation, was an insider. Eve, a cybercriminal, was an outsider. Eve used social engineering techniques against Bob to gain knowledge about and access to Acme’s confidential information.

Conceptual Diagram

Definition 2

An insider may designate the perpetrator of an insider attack.

To avoid confusion, the preferred term is inside attacker to distinguish the population that may potentially become attackers from the population that effectively perpetrate attacks.