There are few, if any, organizations immune to the adverse and costly effects of successful information system attacks. As reliance on information systems continues to increase, organizations must continue to implement effective computer security measures to maintain their operability. This paper focuses on internal attacks executed by those individuals within the organization who have authorized access to information systems and behave in an unethical manner. We examine categorization of insiders; the motives and psychological profiles behind their destructive behavior; and conclude with a discussion of several measures that organizations can implement in order to detect and defend against insider threats.