Insider Threats – CompTIA Security+ SY0-401: 3.2

A huge security risk is on the inside of your network. In this video, you’ll learn about insider threats and what you can do to help secure yourself from this very intimate security concern.



We spend a lot of time and money protecting our network from people who are on the outside. But of course, we need to also think about protecting the resources that we have on the inside of our network from the people who are also on the inside of our network. If you look at the statistics for insider threats, they are a significant part of our security strategy. We give people all kinds of access on the inside of our network. That, of course, is why we have this concept of least privilege.

We want to give rights and permissions to people, but only just enough rights and permissions to allow them to do their job. We don’t want to give everybody in the network administrator access to every device on the network because we want to be sure that we’re minimizing all of the security threats for everyone on the inside, as well as on the outside of our network.

If you are inside the building of an organization, you automatically have more access than someone who’s on the outside. In many organizations, there are specific rules and policies that deal with visitors who are coming into the building. In some organizations, a visitor can’t even enter the room unless everybody turns off the screens of their computers, they put away all of their papers, and allow the visitor to walk through the room. In those very high security environments, it really requires some additional security to guard against those insider threats.

Having one of these insiders cause a security problem can also cause other issues with your organization. For instance, if an insider were to cause a security problem that allowed confidential information to get out, that means that people may trust you a little bit less. This might harm your reputation, because if you can’t protect yourself from the people who are already inside the building, your own employees, then how can we trust you as an organization?

This could also, of course, cause outages and downtime. And of course, a critical system being down could cost the organization a large amount of money. And if your proprietary information gets out, you may be giving away the secrets to what you’re doing as a company. So by guarding against these insider threats, you may also be ensuring the future of your organization.

Every year, Carnegie Mellon does a survey from the Computer Emergency Response Team or CERT. And this survey in 2014 is the US State of Cybercrime Survey. You can find out all about this at cert.org. They give interesting statistics, not only for threats from the outside, but also for insider threats.

And in this latest survey, 28% of the attacks that people had came from inside of the organization. So over a quarter of these attacks were insiders that were causing these problems. 32% of the respondents said that an insider attack was more damaging than an attack from someone on the outside. Having that level of access on the inside of your network certainly gives people more rights and permissions. And when there’s a problem, they are sometimes creating more of a security problem.

In the 2014 survey, 75% of the respondents said that the insider incidents were never handled with any type of legal action. They were able to take care of things internally within the organization. So you have to think that just because you’re not hearing about the insider threats doesn’t mean that they’re not occurring.

In fact, in the vast majority of cases, you will never hear about these insider threats because they don’t go to court. They’re not made public. There’s not a press release. They are simply handled internally.