An insider is someone who (knowingly or unknowingly) misuses legitimate access to commit a malicious act or damage their employer. These days, most insider acts involve IT exploitation termed “Cyber Insider”. CPNI has been engaging with industry and academia through a broad range of research initiatives that aim to improve IT monitoring capabilities to identify insider precursors and behaviour; raising awareness in employer and employee communities about insider threats; establish methods for designing IT and policies to deter staff from committing insider acts; designing IT and work practices to block insider acts.
See the video below on system sabotage - a common insider act involving exploitation of IT.
Further information on protecting against insider acts is available under Related Pages below, covering guidance on insider risk assessment.