I understand that a threat is a possible security violation that might exploit the vulnerability of a system, and an attack is an action on a system that harms the organisation in some way. Therefore, we should detect attacks and prevent or mitigate threats.
However, when I look at multiple cybersecurity sources focused on insider issues, most of them talk only about insider threats and do not talk about insider attacks at all. In addition, they use the term insider threat multiple times even for actions that should be considered attacks. You can see it, for example, in:
Can someone please explain to me what the difference is between an insider attack and an insider threat? Why does it seem to have a different meaning regarding insiders than in general usage? Why is the term insider threat the one that is mostly used?