People
Insider threats
Misuse of access by employees or contractors.
What it is
An employee with legitimate access exfiltrates data, sabotages systems, or leaves with a copy of the customer list.
How attackers exploit it
Wide-open access (everyone can see everything), no audit logs, and shared admin accounts make insider abuse easy and undetectable.
How to protect against it
- Least privilege — only grant what a role actually needs.
- Log every privileged action to an audit trail; review weekly.
- Remove access on the same day someone leaves.
- Encrypt sensitive data at rest with keys the app server can use but the engineer cannot dump.
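A sketch of the weekly audit-log review, added here as an example and not part of the original page. It flags the three conditions named above: shared admin accounts, access still active after someone leaves, and actions outside a role's grants. The log format, user names, role grants and dates are all constructed assumptions.

```python
import json
from datetime import date, datetime

# Constructed sample data (assumptions, not from the page).
DEPARTED = {"dana": date(2024, 5, 3)}      # user -> last working day (from HR)
SHARED_ACCOUNTS = {"admin", "root"}        # logins not tied to one person
ROLE_GRANTS = {                            # least-privilege grants per user
    "alice": {"db.read"},
    "bob": {"db.read", "db.export"},
    "dana": {"db.read"},
}
AUDIT_LOG = """\
{"ts": "2024-05-02T09:14:00", "user": "alice", "action": "db.read", "target": "customers"}
{"ts": "2024-05-03T17:40:00", "user": "dana", "action": "db.read", "target": "customers"}
{"ts": "2024-05-06T08:02:00", "user": "dana", "action": "db.read", "target": "customers"}
{"ts": "2024-05-06T11:30:00", "user": "admin", "action": "user.grant", "target": "bob"}
{"ts": "2024-05-07T22:51:00", "user": "alice", "action": "db.export", "target": "customers"}
"""

def review(log_text, departed, shared, grants):
    """Return (timestamp, user, reason) findings for one review period."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        ts = datetime.fromisoformat(rec["ts"])
        user, action = rec["user"], rec["action"]
        if user in shared:
            # A shared login cannot be attributed to a person, so every use is flagged.
            findings.append((rec["ts"], user, "shared account: action not attributable"))
            continue
        left = departed.get(user)
        if left is not None and ts.date() > left:
            # Access should have been removed on the departure day itself.
            findings.append((rec["ts"], user, "activity after departure date"))
        if action not in grants.get(user, set()):
            findings.append((rec["ts"], user, f"{action} outside role grants"))
    return findings

if __name__ == "__main__":
    for finding in review(AUDIT_LOG, DEPARTED, SHARED_ACCOUNTS, ROLE_GRANTS):
        print(*finding, sep="  ")
```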