The insider threat rises again
The insider threat rises again
https://www.csoonline.com/article/4143393/the-insider-threat-rises-again.html
Publish Date: 2026-03-23 03:02:00
Source Domain: www.csoonline.com
“My background is in the intelligence community, where we studied insider threat through a well-established lens: ego, ideology, and economics. Those motivations haven’t changed. What’s changed is the operating environment and who/what qualifies as an insider,” says Chris Cochran, field CISO and vice president of AI security at the SANS Institute.
“It’s no longer just employees. It’s contractors, fraudulent hires who gained access through identity fraud, and now AI agents operating with persistent, privileged access,” he says. “A misconfigured agent is a superuser that never sleeps. A compromised agent is an adversary with legitimate credentials moving at machine speed. If it has trusted access and can act on data, it’s an insider, witting or unwitting.”
The shift to remote work, Cochran adds, also removed physical and psychological barriers to insider risks. “Downloading data to a personal device doesn’t feel like espionage, and that trivialization is the risk,” he says. “Layer on economic pressure: While companies freeze hiring and suppress raises, and you have a recipe for witting insider threat at scale.”
