Malicious user — meaning a rogue employee, contractor, intern, or other user who abuses his or her trusted privileges — is a common term in security circles and in headlines about information breaches. The issue isn’t necessarily users “hacking” internal systems, but rather users who abuse the computer access privileges they’ve been given. Users ferret through critical database systems to glean sensitive information, e-mail confidential client information to the competition or elsewhere to the cloud, or delete sensitive files from servers that they probably didn’t need to have access to in the first place. There’s also the occasional ignorant insider whose intent is not malicious but who still causes security problems by moving, deleting, or corrupting sensitive information. Even an innocent “fat-finger” on the keyboard can have dire consequences in the business world.
Malicious users are often the worst enemies of IT and information security professionals because they know exactly where to go to get the goods and don’t need to be computer savvy to compromise sensitive information. These users have the access they need and the management trusts them — often without question.