Protecting an organization and its data from a breach or attack can be a daunting task to undertake. There is such a wide range of possible dangers that preventing risks from evolving into active threats is not one job, but a variety of measures, tools, and practices put in place. While preventing attacks from external sources might seem hard enough on its own, it is vital not to forget that threats can come from within an organization as well. Whether they are the result of malicious, negligent, or compromised insiders, internal threats can pose a major danger to a business and its assets. An insider threat occurs “when an organization’s trusted users abuse or misuse their access to sensitive information and assets.” Each person with authorized access to any part of an organization – digital or otherwise – is an insider with the potential to cause damage. This includes not only employees, but contractors, partners, custodial workers, repair people, and anyone else who is granted access to the organization’s network, resources, or assets. The most prominent concern is data leakage, as insiders with access to sensitive enterprise data may, either through their intentional or unintentional actions, allow that data to fall into the wrong hands. There are essentially three different types of insider threats. The first is a malicious insider who, for one reason or another, has chosen specifically to cause damage to their organization from the inside. This is often done for financial gain or personal vendetta, and it covers cases like employees stealing trade secrets to sell to competitors or taking client information when they leave a company. The second type occurs when an insider is either ignorant or negligent of cybersecurity policies and practices and, through action or inaction, accidentally poses a threat. The last type is the compromised insider, which is an external actor gaining access to an insider’s account through phishing or hacking and then using that account to further infiltrate the company.