October 15, 2021
What is an Insider Threat?
Cyberauthor Blogs

An insider threat is defined as an attack perpetrated by a user, or by malicious code, that is already inside the organization's defended security perimeter. This type of attack is especially dangerous because the attacker often knows how the system is configured and also knows its weaknesses. An external attacker has to break through the perimeter security (firewall, proxy, DMZ and so on) to get into the system and learn about the infrastructure, whereas the inside attacker is already on the network. Such an attacker can use knowledge of the infrastructure to customize the attack to exploit known system weaknesses and vulnerabilities. Often the inside attacker is a disgruntled employee; however, along with the malicious insider, both clueless and careless insiders can bring external threats inside the network. A malicious insider can inflict intentional harm on the infrastructure and data, such as theft, sabotage or espionage. Similarly, clueless and careless insiders expose the organization to risk through social engineering, malware, poor attention to security best practices, or theft or loss of organization equipment that results in loss of data.

An insider threat is a security risk that originates within the targeted organization. This doesn't mean that the actor must be a current employee or officer of the organization; they could be a consultant, former employee, business partner, or board member. A network is especially vulnerable to malicious insiders, who already have privileged access to organizational systems. Insider threats can be difficult to detect and protect against, because insiders do not need to penetrate the network in order to do harm.

Newer technologies such as User and Entity Behavior Analytics (UEBA) can help identify suspicious or anomalous behavior by internal users, which in turn can help identify insider attacks.

Types of Insider Threats:

In order to protect the organization from insider threats, it is important to understand what insider threats look like.

A) Negligent: Negligent insiders may not intend to put the organization at risk, but do so non-maliciously by behaving in insecure ways. Clueless and careless insiders both belong to this category. These insiders may be unresponsive to security awareness and training exercises, or may make isolated errors through bad judgment. In either case, negligence is often cited as the most expensive type of employee risk. Careless employees or vendors can become targets for attackers: leaving a computer or terminal unlocked for a few minutes can be enough for someone to gain access.

B) Collusive: Collusive insiders collaborate with malicious external cyber criminals to compromise the organization's security. While it is risky and rare, this type of insider threat is becoming more common as professional cyber criminals increasingly use the dark web to recruit employees as allies. These cases often involve fraud, intellectual property theft or a combination of the two, which can make them very costly. This type of collusion may also take longer to detect, as malicious external threat actors are typically well versed in security technology and in strategies for avoiding detection.

C) Malicious: Malicious insiders steal data or commit other harmful acts against the organization with the goal of financial reward or other personal gain. Malicious insiders looking for a second stream of income will typically steal data slowly to personal accounts to avoid detection. Another type of malicious insider, the disgruntled employee, aims to deliberately sabotage a company or steal its intellectual property. They may be seen combing through sensitive company information or completing large data exports, especially around the time they resign from their position or give the customary notice period before leaving.

D) Third-party: These insiders are contractors or vendors to which a business has typically given some kind of access to its network. These third parties may have employees who fall under one of the categories above, or may simply have flaws in their own systems and devices that open vulnerabilities to attackers.
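A minimal illustration of the UEBA-style baselining mentioned above, as an added example that is not code from the original post: each user's daily data-export volume is compared against that user's own history rather than a global threshold, and a deviation is rated higher when an HR feed says the user has given notice. The export log, the user names and the NOTICE_GIVEN set are constructed sample data.

```python
from statistics import mean, pstdev

# Constructed sample: daily bytes exported per user, oldest first.
# The last value in each list is the day under review.
EXPORT_LOG = {
    "alice": [120_000, 98_000, 134_000, 110_000, 125_000, 4_800_000],
    "bob":   [2_000_000, 1_900_000, 2_200_000, 2_100_000, 1_950_000, 2_050_000],
    "carol": [30_000, 45_000, 25_000, 40_000, 35_000, 38_000],
}

# Constructed HR feed: users who have resigned or given notice.
NOTICE_GIVEN = {"alice"}


def export_zscore(history):
    """z-score of the latest day's export volume against the user's own baseline."""
    baseline, today = history[:-1], history[-1]
    mu, sigma = mean(baseline), pstdev(baseline)
    if sigma == 0:
        # Flat baseline: no change is normal, any change is off the scale.
        return 0.0 if today == mu else float("inf")
    return (today - mu) / sigma


def score_users(export_log, notice_given, z_threshold=3.0):
    """Return {user: (zscore, severity)} for users whose export volume
    deviates from their own baseline by at least z_threshold.
    Severity is raised when the user has given notice, matching the
    'large exports around resignation' pattern described above."""
    findings = {}
    for user, history in export_log.items():
        z = export_zscore(history)
        if z < z_threshold:
            continue
        severity = "high" if user in notice_given else "medium"
        findings[user] = (round(z, 1), severity)
    return findings


if __name__ == "__main__":
    for user, (z, severity) in score_users(EXPORT_LOG, NOTICE_GIVEN).items():
        print(f"{user}: z={z} severity={severity}")
```

Bob's daily exports are larger in absolute terms than Alice's anomalous day, yet only Alice is flagged, because each user is judged against their own baseline.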