Insider threats are threat actors operating within an organization. Insider threats are usually employees, but contractors or ex-employees can be considered insider threats too.
Insider threats can have a variety of goals, such as financial gain, personal grievances, or gaining some sort of advantage over others. Insider threats can operate opportunistically or deliberately, sometimes working with other threat actors to give them access they would not have otherwise had.
Insider threats usually have elevated access and increased knowledge when compared to external threat actors. This can make them more difficult to detect, and it can give them more options for how to attack the organization. Insider threats can have a wide range of sophistication: a disgruntled cashier, for example, will probably not be as sophisticated a threat as a disgruntled security analyst.
Insider threats are one reason why it’s so important to follow the principle of least privilege! Limiting the access insiders have means that a malicious insider will have fewer options available to them, and can do less damage.
One specific type of insider threat is Shadow IT. Shadow IT refers to assets that are part of an organization’s network but aren’t set up or managed by IT, and that IT and Security are not aware of. This can be dangerous, since unknown assets on an organization’s network can create attack vectors that the organization is not aware of until it’s too late.