What attack vector is represented by an insider using a malware-loaded USB device?

The attack vector represented by an insider using a malware-loaded USB device is classified as removable media. This involves the use of portable storage devices, such as USB flash drives, that can be connected to computers to facilitate data transfer. When an insider introduces a compromised USB device into an organization’s network, they may unknowingly or maliciously infect systems with malware.

Removable media attacks capitalize on the physical access an insider has to the organization's infrastructure, bypassing network-based defenses. Such attacks are compelling because they often exploit the trust placed in physical devices. Unlike other attack vectors, like email or phishing, which involve social engineering and remote exploitation, removable media attacks are direct and can quickly spread malware once the device is connected to a system.

This type of attack underscores the importance of security policies regarding the use of removable media in order to mitigate the risks associated with unauthorized devices connecting to the network.