CPNI defines an insider as a person who exploits, or has the intention to exploit, their legitimate access to an organisation’s assets for unauthorised purposes. These days, most insider acts involve IT exploitation termed “Cyber Insider”. CPNI has been engaging with industry and academia through a broad range of research initiatives that aim to improve IT monitoring capabilities to identify insider precursors and behaviour; raising awareness in employer and employee communities about insider threats; establish methods for designing IT and policies to deter staff from committing insider acts; designing IT and work practices to block insider acts.
See the video below on system sabotage - a common insider act involving exploitation of IT.
Further information on protecting against insider acts is available under Related Pages below, covering guidance on insider risk assessment.
Follow this link to visit the Legal Considerations for Employee IT Monitoring page.