medium
Single Answer
0Latisha is conducting a security review and notices that one of her users consistently uses her organization’s VPN from Chile while the employee is based in the United States. After reviewing logs, she notes that the user is sometimes logged in from both the US and the remote location in Chile, and believes that the user may be allowing a third party to access their VPN account to perform some or all of their job tasks. What type of threat most accu- rately describes this?
Answer Options
A
Anomalous
B
Insider
C
Social engineering
D
Nation- state
Correct Answer: B
Explanation
The employee at Latisha’s company can be considered an insider threat because they have provided access to a third party. Most organizations will terminate employees who do this due to violations of their acceptable use policy (AUP). The behavior is anomalous, but an insider threat is a better description. No social engineering is evident, nor is a nation- state actor described.