Insider
Insider (malicious + negligent)
Resources / capability
Variable — legitimate access, mishandled or misused. Negligent insiders (most cases) bypass technical controls by being authorized.
Typical targets
From within — wherever the insider has access. Disgruntled departures, third-party contractors with broad permissions, careless privileged users.
Most relevant defenses
- DLP
- data access governance
- UEBA
- identity governance
- DSPM
Note · Quietly the largest class of incidents by count, dwarfed in headlines by nation-state and ransomware.