How to recognize your insider threats
For a view of insider threats to computer systems from the military perspective, take a look at a post by Jeffrey R. Jones and Ryan Averbeck at CSO magazine. Insiders today have greater capacity to leak sensitive data and lower odds of being caught than ever before, they write, and those threats can be viewed in three categories: the trusted unwitting insider, the trusted witting insider and the untrusted insider.
Trusted unwitting insiders are people who have legitimate access to a system but make bad judgment calls, write Jones and Averbeck, cyber security experts with the U.S. Army Materiel Command G2. External parties can trick these employees into downloading malware onto a company's network.
Trusted witting insiders also are authorized to use a system, but they deliberately leak data for malicious reasons or to gain something for themselves, such as money. "An increasingly familiar scenario is the disgruntled employee surreptitiously downloading sensitive files to a thumb drive and selling it to a competitor," the authors write.
What is new in the digital age, they maintain, is the untrusted insider, which is "a direct result of the global interconnection of disparate elements on the Internet." This individual does not have legitimate access to a network, but finds a way in, often by taking advantage of unwitting insiders.
As the authors point out, once an untrusted insider has gained access, perimeter security is no longer effective in protecting the network. "Most of the components of layered defense strategies, such as policies, procedures and technical controls, can be rendered useless during this type of compromise," they write, adding that technical controls offer the best odds of stopping the insider.
For more:
- see Jones and Averbeck's post at CSO