Page 1369 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 1369
Our ability to respond to such an attack would be greatly diminished if
the physical attack were simultaneously launched with a computer
attack designed to knock out power and communications.
Most large power and communications companies have dedicated a
security staff to ensure the security of their systems, but many smaller
businesses that have systems connected to the internet are more
vulnerable to attacks. You must diligently monitor your systems to
identify any attacks and then respond swiftly when an attack is
discovered.
Grudge Attacks
Grudge attacks are attacks that are carried out to damage an
organization or a person. The damage could be in the loss of
information or information processing capabilities or harm to the
organization or a person’s reputation. The motivation behind a grudge
attack is usually a feeling of resentment, and the attacker could be a
current or former employee or someone who wishes ill will upon an
organization. The attacker is disgruntled with the victim and takes out
their frustration in the form of a grudge attack.
An employee who has recently been fired is a prime example of a
person who might carry out a grudge attack to “get back” at the
organization. Another example is a person who has been rejected in a
personal relationship with another employee. The person who has
been rejected might launch an attack to destroy data on the victim’s
system.
The Insider Threat
It’s common for security professionals to focus on the threat from
outside an organization. Indeed, many of our security technologies
are designed to keep unauthorized individuals out. We often don’t
pay enough (or much!) attention to protecting our organizations
against the malicious insider, even though they often pose the
greatest risk to our computing assets.
