What Does Insider Attack Mean?
An insider attack is a malicious attack perpetrated on a network or computer system by a person with authorized system access.
Insiders that perform attacks have a distinct advantage over external attackers because they have authorized system access and also may be familiar with network architecture and system policies/procedures. In addition, there may be less security against insider attacks because many organizations focus on protection from external attacks.
An insider attack is also known as an insider threat.
Techopedia Explains Insider Attack
Insider attacks can affect all computer security elements and range from stealing sensitive data to injecting Trojan viruses in a system or network. Insiders also may affect system availability by overloading computer/network storage or processing capacity, leading to system crashes.
Internal intrusion detection systems (IDS) protect organizations against insider attacks, but deploying such systems is not easy. Rules must be established to ensure that unintended attack warnings are not triggered by employees.
In 2008, a noteworthy insider attack occurred when Terry Childs, a network engineer for the San Francisco Department of Telecommunications and Information Services, altered the city’s network passwords, locking FiberWAN access for 12 days. Childs was found guilty of felony network tampering. The work required to regain system control cost the city of San Francisco $900,000, and 60 percent of city services were affected by the insider attack.
