
Insider Threat

An insider threat is a person within an organization who poses a cybersecurity risk. This person uses their credentials, trusted status, and knowledge of internal systems to compromise a network, steal data, commit fraud, or leak sensitive information to unauthorized parties outside the organization—either intentionally or accidentally.

Insider threats are particularly dangerous because insiders already have legitimate access to organizational systems, networks, and data, making their malicious or negligent actions harder to detect than external attacks. They understand internal processes, security procedures, and the location of valuable assets.

Pangratis categorizes insider threats into three types based on intent:

Malicious (Intentional) Insiders: These individuals carry out premeditated actions for personal benefit, financial gain, competitive advantage, or to act on a grievance. They deliberately circumvent controls, use their organizational knowledge to maximize impact, and actively try to avoid detection. Examples include employees stealing intellectual property before leaving for a competitor or sabotaging systems out of resentment.

Negligent (Unintentional) Insiders: These individuals cause harm through carelessness, failure to follow security policies, poor security hygiene, or lack of training. Examples include employees clicking on phishing links, misconfiguring security settings, accidentally sharing sensitive files with unauthorized parties, or using weak passwords.

Compromised Insiders: These are legitimate users whose credentials or accounts have been taken over by external threat actors through phishing, credential stuffing, or other means. Detection focuses on identifying anomalous credential usage patterns—such as logins from unusual locations or at unusual times—rather than malicious intent.

Warning signs of insider threats include unusual access patterns, large data downloads, accessing systems or data outside normal job responsibilities, disabling security tools, and sending sensitive data to personal email accounts. Pangratis detects insider threats and account compromise by establishing behavioral baselines and flagging deviations from normal patterns.
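The sketch below illustrates the baseline-and-deviation approach described above, covering three of the warning signs named here: unusual login time, unusual login location, and large downloads. It is an added example, not Pangratis's implementation; the event fields, thresholds, function names, and sample data are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample events: (user, ISO timestamp, login country, bytes downloaded)
HISTORY = [
    ("alice", "2024-03-04T09:12:00", "GB", 40_000_000),
    ("alice", "2024-03-05T10:03:00", "GB", 55_000_000),
    ("alice", "2024-03-06T14:47:00", "GB", 35_000_000),
    ("alice", "2024-03-07T16:20:00", "GB", 60_000_000),
    ("alice", "2024-03-08T11:31:00", "GB", 50_000_000),
]
NEW_EVENTS = [
    ("alice", "2024-03-11T10:30:00", "GB", 52_000_000),   # normal working pattern
    ("alice", "2024-03-12T03:05:00", "RO", 48_000_000),   # odd hour, new country
    ("alice", "2024-03-13T15:00:00", "GB", 900_000_000),  # bulk download
    ("bob",   "2024-03-13T09:00:00", "GB", 1_000_000),    # user with no history
]

def build_baselines(history):
    """Summarise each user's normal login hours, countries and download sizes."""
    baselines = defaultdict(lambda: {"hours": set(), "countries": set(), "bytes": []})
    for user, ts, country, nbytes in history:
        b = baselines[user]
        b["hours"].add(datetime.fromisoformat(ts).hour)
        b["countries"].add(country)
        b["bytes"].append(nbytes)
    return baselines

def score_event(baselines, event, hour_slack=1, z_limit=3.0):
    """Return the list of ways an event deviates from its user's baseline."""
    user, ts, country, nbytes = event
    b = baselines.get(user)
    if b is None:
        return ["no_baseline"]  # cannot judge; route to a default policy
    reasons = []
    hour = datetime.fromisoformat(ts).hour
    # Circular distance so 23:00 and 00:00 count as one hour apart.
    if min(min((hour - h) % 24, (h - hour) % 24) for h in b["hours"]) > hour_slack:
        reasons.append("unusual_time")
    if country not in b["countries"]:
        reasons.append("unusual_location")
    mu, sigma = mean(b["bytes"]), pstdev(b["bytes"])
    # Floor sigma at 10% of the mean so a very steady user is not over-flagged.
    if nbytes > mu + z_limit * max(sigma, 0.1 * mu):
        reasons.append("large_download")
    return reasons

if __name__ == "__main__":
    baselines = build_baselines(HISTORY)
    for ev in NEW_EVENTS:
        print(ev[0], ev[1], score_event(baselines, ev) or "ok")
```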
