Skip to content
Industry Insights

The Spooky Side of Insider Risks

Insider risks can happen in any company, and like some of our favorite Halloween characters, they often are difficult to spot until it’s too late. Here’s what some of the typical insiders would dress up as for Halloween. But don’t be scared — we’re demystifying their characteristics so you can detect and respond to a variety of insider risks.


A Zombie wants to spread information and involve others in projects, but that can lead to oversharing docs via public links, and data ending up in the wrong hands. Another common name in the Insider Risk world is the Sharer. As with many insiders, the Sharer is usually not malicious. They are trying to get their job done and sometimes take risky actions to cut corners and work faster. This could mean saving their work files to personal drives or emailing documents to themselves to work on a personal device. As we saw in our 2020 Data Exposure Report, 36% of workers believe that the emphasis on file sharing has made them more complacent about data security.


A Ghost is leaving the organization and taking data with them. They could be going to a competitor and taking sales lists, or saving their work projects to personal drives so they can access them at their next job. Either way, you can expect the data to go *poof.* When we’re looking at insiders, the motivations can range from self-serving at a new job to more malicious, like stealing trade secrets. It’s important for organizations to know who has access to the “crown jewels” like IP, customer lists, and strategy docs. Insider risk should not just be a focus when employees are leaving, but also when they are onboarding and throughout their entire tenure with the organization. More often than not, employees have exfiltrated files and data long before they put in their notice.


A Witch is just stirring the pot, and seeing what they can get away with by gaming the system. This can include using sanctioned apps to get around secruity blocks. They may not mean to do harm, but insider risk isn’t changed by intent. Careless or distracted workers can click on phishing links or send documents to their wrong email, and have similar impacts as the more malicious insiders. As Mark Wojtasiak writes in our book Inside Jobs: Why Insider Risk is the Biggest Cyber Risk You Can’t Ignore, “When assessing Insider Risk, intent doesn’t really factor into the equation. Risk is risk regardless of the employee’s intention—good, bad or indifferent.”

With better understanding of insiders, hopefully they’re less scary! It’s all about knowing what actions they are taking that open up your organization to risks, responding based on impact and motive, and educating employees on how to practice good data security. The insider personas don’t stop here — learn about all of them in Inside Jobs

We also recommend 6 Unusual Data Behaviors that Indicate Insider Threat to further dig into risky data movements. 

You might also like: