Outsiders
Outsiders are unauthorized attackers with no authorized privileged access to a system or organization. The outsider seeks to gain unauthorized access. Outsiders launch the majority of attacks, but most are mitigated by defense-in-depth perimeter controls.
Insiders
An insider attack is launched by an internal user who may be authorized to use the system that is attacked. An insider attack may be intentional or accidental. Insider attacks range from mistakes made by poorly trained administrators to intentional compromise of system security by malicious individuals. An authorized insider who attacks a system may be in a position to cause significant impact.
NIST Special Publication 800-30 (https://csrc.nist.gov/publications/detail/sp/800-30/archive/2002-07-01) lists the following threat actions caused by insider attackers:
- Assault on an employee
- Blackmail
- Browsing of proprietary information
- Computer abuse
- Fraud and theft
- Information bribery
- Input of falsified, corrupted data
- Interception
- Malicious code (e.g., virus, logic bomb, Trojan horse)
- Sale of personal information
- System bugs
- System intrusion
- System sabotage
- Unauthorized system access[^19]
Insiders cause most high-impact security incidents. This point is sometimes debated, because most attacks are launched by outside attackers. However, defense-in-depth mitigates most outside attacks: Internet-facing firewalls may deny thousands of attacks or more per day. Most successful attacks are launched by insiders.