An individual with authorized access to an organization's systems or facilities who intentionally misuses that access to harm the organization's security, data, or operations.
Malicious insiders pose unique challenges as they have legitimate access and knowledge of systems, making their activities harder to detect. They may be motivated by financial gain, revenge, ideology, or external coercion. Unlike external attackers, they don't need to breach perimeter defenses.