Chapter 12

Computer Networks: Protection from Internal Threat

Internal threat is associated with those who work from inside an organization and conduct theft of classified or proprietary information or inflict harm to the organization. The insider has motivations that tend more toward the psychological, as compared to the person presenting external threat. If we consider an employee or contractor who is working inside an organization or within the government, then that person has to be motivated in one or a combination of ways. These motivations usually include:

  • Opportunity for monetary gain
  • Disgruntled—some event occurred to hurt the perpetrator who now seeks revenge
  • Lack of advancement at a self-perceived rate
  • What I call the James Bond syndrome, in which the person is delusional and wants to be a real spy
  • Ideology
  • Seeks recognition from anyone, even an adversary

There is a second type of threat from the insider; however, it is really a form of external threat. I refer to true insider threat as insider threat with intent. This means that true insider threat is an internal person who desires either to inflict harm or to take away property, including intellectual property or classified material. The second category, insider threat without intent, is a form of external threat in which the external attacker uses an internal person as an unwitting accomplice. The classic example is a phishing attack. With this form of attack, although there are many variations, the external attacker ...

Get Predicting Malicious Behavior: Tools and Techniques for Ensuring Global Security now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.