Insider Threats – CompTIA A+ 220-1102 – 2.4

A significant security challenges comes from inside the organization itself. In this video, you’ll learn about insider threats and how insiders are recruited by attackers to provide access to an organization’s private data.

Insider threats are a remarkably difficult problem to protect against. People inside your organization are already trusted. And if they have access to systems and data, they may be able to take advantage of that access. Even if the insider doesn’t have any special access or knowledge of your systems or data, they do have institutional knowledge and they know where these devices are located and which servers may contain different types of data.

They can also perform this attack over a very long period of time, collecting intelligence, finding additional data, identifying vulnerabilities, and then taking advantage of those vulnerabilities. In some cases, attackers are actively recruiting people inside of your organization to be able to provide them with access and data. We’re getting very good at protecting the perimeter. We now need to get much better at protecting the inside of our network.

There have even been cases where ransomware actors have contacted people inside of an organization and bribe them with cryptocurrency in an effort to gain access to systems and data. And since one ransomware infection can literally earn millions of dollars for the attacker, this might be a very good business decision for someone who’s trying to attack one of your networks.

One of the best ways to protect against an insider attack is the same way you protect against any other type of attack. You have solid security fundamentals and you always have backups of your data. This may not be a foolproof way of preventing insider attacks, but it could help you if you discover that there are problems inside of your network that need to be resolved.