Difficulty: Easy
Correct Answer: Correct
Explanation:
Introduction / Context:
Security programs must balance defenses against external attackers and internal actors. Insider threats—whether malicious or accidental—can be particularly damaging because insiders already possess credentials, context, and legitimate access paths that bypass many perimeter controls.
Given Data / Assumptions:
Concept / Approach:
Because insiders operate within trust boundaries, their actions are harder to detect with traditional perimeter tools. Privilege misuse, data exfiltration, and configuration errors frequently originate internally. Therefore, zero-trust principles, least privilege, and continuous behavioral analytics are essential. External threats remain critical, but numerous breach reports show internal vectors—intentional or accidental—are often the proximate cause.
Step-by-Step Solution:
1. Inventory privileged accounts and reduce standing privileges.
2. Implement just-in-time access and multi-factor authentication.
3. Log and monitor administrative actions with independent review.
4. Deploy DLP and anomaly detection to spot unusual data movements.
5. Train staff to avoid phishing and report suspicious activity.
Verification / Alternative check:
Run red-team exercises simulating insider misuse; compare detection and response times versus external phishing scenarios to assess relative risk and control efficacy.
Why Other Options Are Wrong:
Incorrect: ignores well-documented insider risk.
Only for small firms or no firewalls: insider risk affects organizations of all sizes and architectures.
Common Pitfalls:
Over-reliance on perimeter defense, inadequate logging of admin actions, and failing to separate duties between development, operations, and security teams.
Final Answer:
Correct