█
LastWrite
  • > Curriculum
  • > Pricing
  • > For Educators
  • > About
  • > Contact
Log InGet Started

Questions, concerns, bug reports, or suggestions? We read every message, write to us at [email protected].

More ways to reach us →
LastWrite

Structured computer science lessons for aspiring developers and security professionals.

[email protected]

(201) 785-7951

Mon–Fri, 9 AM–5 PM EST

Learn

  • Curriculum
  • Pricing

Company

  • About
  • For Educators & Schools
  • Contact Us

Legal

  • Terms of Service
  • Privacy Policy
© 2026 LastWrite. All rights reserved.
Curriculum/Cybersecurity/Data Leakage Prevention/Insider Threats
35 minIntermediate

Insider Threats

After this lesson, you will be able to: Recognize behavioral indicators of insider threats and the controls that mitigate them.

Insiders, current/former employees, contractors, partners, already have access. The leak isn't a hack; it's misuse. Detection requires behavioral analytics, not just signatures.

Prerequisites:DLP Tools and Strategies

Three types of insiders

Malicious, disgruntled, financially motivated, espionage. Negligent, bypass controls for convenience. Compromised, credentials stolen, attacker acts as them.

💡 Behavioral indicators

Abnormal hours, large data downloads, accessing systems outside their role, exfiltration to personal email/cloud, sudden interest in resignation. UEBA tools (User & Entity Behavior Analytics) baseline + alert on deviations.

Controls that work

  1. 1

    1. Least privilege, they can't leak what they can't access.

  2. 2

    2. Separation of duties, no single person can complete sensitive workflows alone.

  3. 3

    3. Privileged Access Management (PAM), record + review admin sessions.

  4. 4

    4. UEBA, flag behavioral anomalies.

  5. 5

    5. Exit procedures, revoke access *immediately*, not 'next sprint'.

The Snowden lesson

Edward Snowden was a sysadmin with access far beyond his role. The NSA's failure was access design, not detection. Least privilege is the cheapest, highest-impact control.

Quick Check

Which control would have prevented Snowden?

Choose one.

Sign in and purchase access to unlock this lesson.

Sign in to purchase
←Data Loss Prevention Tools and Strategies
Back to Data Leakage Prevention
Compliance and Data Protection Regulations→