Organisations and information security practitioners are increasingly adept at addressing the threat posed by cyber-attack from external actors; however, the risks associated with trusted parties or insiders are often overlooked. The insider threat poses a significant risk with potentially severe consequences and as such deserves rigorous treatment within organisational risk management and security plans. This article provides an introduction to insider risk, giving information security professionals a basis from which to assess the risk to their own organisation and prepare accordingly. The author begins with an examination of the actors, motivations and form of insider attacks, together with an overview of a number of conceptual models for describing and understanding them. The article then goes on to look at methods for protecting against insider attacks, discussing general approaches and providing a summary of best practice.