skip to main content
CDSDS logo
News

CDS DS Podcast Episode 8: Understanding Insider Threats Goes Live

A look into insider threats in cybersecurity, exploring why the biggest risks often come from within. This episode breaks down the difference between malicious and accidental insider activity, and how organisations can better manage both.

Share

All News
Karl Rees and Martin Nash smiling to camera on set of Episode 8 of the Briefing Room Podcast around Insider Threat

In cyber security, the default image is often an external attacker, someone on the outside trying to break in. But in reality, one of the most significant risks to any organisation is already inside the perimeter.

In Episode 8 of The Briefing Room, Karl Rees is joined by Martin Nash, Head of Cyber Assurance and Resilience Services at CDS DS, to unpack one of the most misunderstood areas of cyber: insider threats.

What is an Insider Threat?

At its simplest, an insider threat is any risk posed by someone with authorised access, whether that’s to systems, data, or physical locations. That includes employees, contractors, third-party suppliers or anyone with legitimate access to your organisation.

Crucially, insider threats are not always malicious. “It’s anybody with authorised access… and the damage they can do—either accidentally or deliberately.”

Not Just Malicious: The Reality of Insider Risk

A common misconception is that insider threats are always intentional, think Hollywood-style sabotage or espionage. In reality, 20% are malicious and 80% are accidental or unintentional. That 80% includes everyday behaviours such as:

  • Clicking on phishing links

  • Bypassing security processes to “get the job done”

  • Letting someone tailgate into a secure building

  • Mishandling sensitive data

These actions are rarely done with bad intent, but they can still lead to serious incidents.

Why Insider Threats Matter

For organisations in defence and government, the stakes are obvious, sensitive information, national security, and even potential loss of life. But insider risk is not limited to high-security environments.

Every organisation has:

  • Valuable data

  • Operational systems

  • Customer information

  • Reputational risk

As discussed in the episode, even small businesses are exposed, especially when outsourcing IT or working with partners who gain access to systems.

“There is no bigger impact in cybersecurity than one enabled by an insider who wants to do bad.”

Watch / Listen to the Full Episode

Episode 8 of The Briefing Room dives deeper into insider threats, including real-world examples, practical mitigation strategies, and how organisations can approach the challenge responsibly.

📺 Watch on YouTube - https://youtu.be/nSCAiTRiCLI

🎧 Listen on Spotify - https://open.spotify.com/episode/0JPq4LzbEVgyy841sTWrtQ?si=rLldfifvQRuIesctyKoEeg

If you would like to understand how CDS Defence & Security can help organisations operate securely and efficiently, contact us today.