Insider Attack Analysis in Building Effective Cyber Security for an Organization

Sunita Vikrant Dhavale (Defence Institute of Advanced Technology, India)
Copyright: © 2018 | Pages: 17
DOI: 10.4018/978-1-5225-4053-3.ch013


Recent studies have shown that, despite being equipped with highly secure technical controls, many organizations have suffered a broad range of successful cyber security attacks that revealed confidential information. This shows that technical advancements in cyber defence controls do not always guarantee organizational security. According to a recent survey carried out by IBM, 55% of these cyber-attacks involved insider threats. Controlling an insider who already has access to the company's highly protected data is a very challenging task. Insider attacks have great potential to severely damage an organization's finances as well as its social credibility. Hence, there is a need for reliable security frameworks that ensure confidentiality, integrity, authenticity, and availability of organizational information assets by including the comprehensive study of employee behaviour. This chapter provides a detailed study of insider behaviours that may hinder organization security. The chapter also analyzes the existing physical, technical, and administrative controls, their objectives, their limitations, insider behaviour analysis, and future challenges in handling insider threats.
Chapter Preview

Trusted Malicious Insiders

The human element can compromise almost anything, including the most intelligently designed security system (Infosec Institute, 2012). In addition, current research shows that the most common types of attack are carried out by disgruntled or angry insiders. Malicious insiders can be trusted employees (former/current), contractors, business partners, consultants, auditors, or vendors who intentionally misuse their authorized access to organizational assets. Here, trusted means the insiders to whom the organization normally provides credentials (e.g. user name and password) to access organizational information resources. Hence, we can say that an insider is a person: 1) who is trusted by the organization and given permission to work within the security perimeter of the organization; 2) who has authorized full/partial access to the organizational information systems; 3) who has partial/full knowledge about the design and working of the organization’s information systems; and 4) who has the potential to launch malicious attacks against organizational resources.
