Insider

Insider (malicious + negligent)

Resources / capability

Variable — legitimate access, mishandled or misused. Negligent insiders (most cases) bypass technical controls by being authorized.

Typical targets

From within — wherever the insider has access. Disgruntled departures, third-party contractors with broad permissions, careless privileged users.

Most relevant defenses
  • DLP
  • data access governance
  • UEBA
  • identity governance
  • DSPM

Note · Quietly the largest class of incidents by count, dwarfed in headlines by nation-state and ransomware.