Main Article Content

Abstract

An insider cyber threat is a person or process with malicious intention with an access (authorized or non-authorized) to an organization's network, system, or data storage devices containing information in any form. Such an access has a potential capability to negatively affect the confidentiality, integrity, or availability of the organization's information or information systems. Traditional network security systems like Intrusion Detection and Prevention Systems protect the network from external attackers by limiting network connectivity between the extranet and intranet and closely monitoring the networkstream.


Since an insider attack is “inside” the organization his activities are go undetected by such systems which are typically located outside the LAN as a network gateway – whereas the insider is able to access the LAN systems from behind the gateway. Also an insider is aware of the structure of the network systems and the organization in general which help him plan the attack quickly without being noticed.

Article Details