Redefining insider threats: a distinction between insider hazards and insider threats

Abstract

This article suggests a new definition of insiders and insider threats. It refrains from applying a harm-oriented perspective that concentrates on the insider’s intention to cause harm because it defines the insider threat either too narrow or too broad. Instead, a privilege-oriented perspective is applied that focuses on the insider’s intention to misuse his privileged access to or knowledge about the organizational assets. Because existing privilege-oriented definitions refrain from making an explicit and clear-cut division between intentional and unintentional misuse of privilege, a new conceptualization is suggested that distinguishes insider hazards from insider threats. If the insider unintentionally misuses his insider privilege, it concerns an insider hazard. If the insider intentionally misuses his insider privilege, it is regarded as an insider threat.

This is a preview of subscription content, log in to check access.

Fig. 1

Notes

  1. 1.

    Although insiders can be both male or female, we systematically use the male pronoun to refer to the insider instead of always referring to he or she for reasons of text readability.

References

  1. Albrechtsen, Eirik. Security vs safety. Semantic Scholar. Aug 2003. https://pdfs.semanticscholar.org/451c/18d9b07ecda89b367095c48582358a1f3c51.pdf. Accessed 13 Nov 2019.

  2. BaMaung, David, David McIlhatton, Murdo MacDonald, and Rona Beattie. 2018. The Enemy Within? The Connection between Insider Threat and Terrorism. Studies in Conflict & Terrorism 41 (2): 133–150.

    Article  Google Scholar 

  3. Becker, Howard. 1963. Outsiders. In Outsiders: Studies in the Socioloy of Deviance, ed. Howard Becker, 1–15. New York: The Free Press.

    Google Scholar 

  4. Bishop, Matt, Carrie Gates, Deb Frincke, and Frank L. Greitzer. AZALIA: an A to Z Assessment of the Likelihood of Insider Attack. In IEEE Conference on Technologies for Homeland Security: 385–392. Boston: IEEE, 2009.

  5. Bishop, Matt, et al. 2010. A Risk Management Approach to the 'Insider Threat'. In Insider Threats in Cyber Security, ed. Christian W. Probst, Jeffrey Hunker, Dieter Gollmann, and Matt Bishop, 115–137. Boston: Springer.

    Google Scholar 

  6. Bunn, Matthew, and Kathryn M. Glynn. 2016. Preventing Insider Theft: Lessons from the Casino and Pharmaceutical Industries. In Insider Threats, ed. Matthew Bunn and Scott Sagan, 121–144. Ithaca: Cornell University Press.

    Google Scholar 

  7. Bunn, Matthew, and Scott Sagan. 2016. Insider Threats. Ithaca: Cornell University Press.

    Google Scholar 

  8. Chipperfield, Caroline, and Steven Furnell. 2010. From security policy to practice: Sending the right messages. Computer Fraud & Security 2010: 13–19.

    Article  Google Scholar 

  9. Cole, Eric, and Sandra Ring. 2006. What Is There to Worry About? In Insider Threat: Protecting the Enterprise from Sabotage, Spying, and Theft, ed. Eric Cole and Sandra Ring, 3–48. Rockland, MA: Syngress Publishing Inc.

    Google Scholar 

  10. Colwill, Carl. 2009. Human factors in information security: The insider threat—Who can you trust these days? Information Security Technical Report 14: 186–196.

    Article  Google Scholar 

  11. Commonwealth of Australia. 2014. Managing the Insider Threat to Your Business: A Personnel Security Handbook. Australia: Commonwealth of Australia.

    Google Scholar 

  12. Coolsaet, Rik. 2016. Facing the Fourth Foreign Fighters Wave: What Drives Europeans to Syria, and to Islamic State? Insights from the Belgian Case. Brussels: Egmont Royal Institute for International Relations.

    Google Scholar 

  13. Coolsaet, Rik. 2015. Wat drijft de Syriëstrijder? [What motivates the Syrian foreign figher?]. Samenleving & Politiek: 4–13.

  14. De Morgen. Iljo Keisse vrijgesproken voor positieve dopingplas. [Iljo Keisse cleared from drug abuse]. De Morgen, 2 Nov 2009.

  15. De Morgen. Leukemans positief door blunder arts. [Leukemans Tests Positive Due to Mistake from Doctor]. De Morgen, 20 Dec 2007.

  16. De Morgen. Vlaamse topsporters krijgen extra infosessies over whereabouts. [Flemish Top Athletes Get Information Sessions on Whereabouts].De Morgen, 13 Nov 2009.

  17. De Standaard. Van Tichelt dicht bij schorsing. [Van Tichelt Close to Suspention]. De Standaard, 12 July 2012.

  18. De Standaard. Wielrenner Tosh Van der Sande vrijgesproken na positieve dopingtest: “Ik werd bestempeld als dopingzondaar terwijl ik enkel verklaring moest geven”. [Cyclist Tosh Van der Sande Cleared from Drug Abuse: "I was Labelled as a Traitor While I Only Had to Provide an Explanation"]. De Standaard, 23 Jan 2019.

  19. De Vleeschauwer, Thomas. 2019. BEVEILIGING VAN DE KRITISCHE INFRASTRUCTUUR: Het succes of falen van de veiligheidscultuur binnen Brussels Airport.[Securing the Critical Infrastructure: The Success or Failure of the Security Culture of Brussels Airport]. Antwerpen: Masterproef voorgelegd met het oog op het behalen van de graad van Master in de Internationale Betrekkingen en Diplomatie aan de Universiteit Antwerpen.

  20. Deffer, Frank. 2012. Transportation Security Administration has Taken Steps to Address the Insider Threat But Challenges Remain. Department of Homeland Security Office of Inspector General.

  21. Dekker, Sidney. 2017. Just Culture: Restoring Trust and Accountability in Your Organization. London: CRC Press.

    Google Scholar 

  22. Dekker, Sidney W.A. 2009. Just Culture: Who Gets To Draw the Line? Cognition, Technology & Work 11 (3): 177–185.

    Article  Google Scholar 

  23. Duval, Antoine. 2017. The Russian Doping Scandal at the Court of Arbitration for Sport: Lessons for the World Anti-doping System. International Sports Law Journal 16: 177–197.

    Article  Google Scholar 

  24. Elifoglu, I.Hilmi, Ivan Abel, and Özlem Tasseven. 2018. Minimizing Insider Threat Risk with Behavioral Monitoring. Review of Business: Interdisciplinary Journal of Risk and Society 38 (2): 61–73.

    Google Scholar 

  25. Fotheringham, William. Alberto Contador Gets Two-Year Ban and Stripped of 2010 Tour de France. The Guardian, 6 Feb 2012.

  26. Gallagher, Brendan. Michael Rasmussen Admits He Lied Over Missed Doping Tests Ahead of 2007 Tour de France. The Telegraph, 15 Nov 2011.

  27. Gelles, Michael. 2016. Insider Threat: Detection, Mitigation, Deterrence and Prevention. Oxford: Elsevier - Health Science Division.

    Google Scholar 

  28. Greco, Peter J. 2017. Insider Threat: The Unseen Dangers Posed by Badged Airport Employees and How to Mitigate Them. Journal of Air Law and Commerce 82: 717–742.

    Google Scholar 

  29. Greitzer, Frank L., Lars J. Kangas, Christine F. Noonan, Angela C. Dalton, and Ryan E. Hohimer. 2012. Identifying At-Risk Employees: Modeling Psychosocial Precursors of Potential Insider Threats. Hawaii International Conference on System Sciences: 2392–2401. Hawaii: IEEE Computer Society.

  30. Gundu, Tapiwa, and Stephen V. Flowerday. 2012. The Enemy Within: A Behavioural Intention Model and an Information Security Awareness Process. Information Security for South Africa (ISSA): 1–8. South Africa: IEEE.

  31. Hegghammer, Thomas, and Andreas Hoelstad Daehli. 2016. Insiders and Outsiders: A Survey of Terrorist Threats to Nuclear Facilities. In Matthew Bunn and Scott Sagan, ed. Insider Threats, 10–41. Ithaca: Cornell University Press.

    Google Scholar 

  32. Hern, Alex. "Fitness tracking app Strava gives away location of secret US Army Bases. The Guardian, 28 Jan 2018.

  33. Het Nieuwsblad. Ex-schepen Anick Berghmans krijgt 30 maanden cel, waarvan 24 met uitstel, voor rol bij plofkraak in Lommel.[Former Municipal Officer Anick Berghmans Sentenced to 30 Monhts in Jail, of Which 24 Suspended, for Complicity with Explosive Attack in Lommel].Het Nieuwsblad, 18 Oct 2019.

  34. Het Nieuwsblad. Vijftienjarige stagiair-garagist knalt met gestolen BMW in op auto’s op pechstrook na wilde politieachtervolging. [15-Year-Old Apprentice Mechanic Crashes Stolen BMW Into Cars On Road Service Area After Wild Police Chase]. Het Nieuwsblad, 11 Dec 2019.

  35. Ho, Shuyuan Mary, Michelle Kaarst-Brown, and Izak Benbasat. 2018. Trustworthiness Attribution: Inquiry Into Insider Threat Detection. Journal of the Association for Information Science and Technology 69 (2): 271–280.

    Article  Google Scholar 

  36. Information Security Forum. 2015. Managing the Insider Threat: Improving Trustworthiness. London: Information Security Forum Limited.

    Google Scholar 

  37. Ingle, Sean. Chris Froome Cleared by UCI in Anti-doping Investigation. The Guardian, 2 July 2018.

  38. Ingle, Sean. Chris Froome Q&A: How Long Could He Be Banned For and What Happens Next? The Guardian, 13 Dec 2017.

  39. Ingle, Sean, and Martha Kelner. Chris Froome Fights to Save Career After Failed Drugs Test Result. The Guardian, 13 Dec 2017.

  40. International Atomic Energy Agency. 2008. Preventive and Protective Measures against Insider Threats. Vienna: IAEA Nuclear Security Series 8.

  41. Katzenstein, Peter J. 1996. Introduction: Alternative Perspectives on National Security. In The Culture of National Security: Norms and Identity in World Politics, ed. Peter J. Katzenstein, 1–33. New York: Colombia University Press.

    Google Scholar 

  42. Krull, K. E. 2016. The Threat Among Us: Insiders Intensify Aviation Terrorism. Richland, Washington: Pacific Northwest National Laboratory - Prepared for the US Department of Energy.

  43. Loffi, Jon M., and Ryan J. Wallace. 2014. The Unmitigated Insider Threat to Aviation (Part 1): A Qualitative Analysis of Risks. Journal of Transportation Security 7: 289–305.

    Article  Google Scholar 

  44. Maasberg, Michele, John Warren, and Nicole L. Beebe. 2015. The Dark Side of the Insider: Detecting the Insider Threat Through Examination of Dark Triad Personality Traits. In 48th Hawaii International Conference on System Sciences: 3518–3526. Hawaii: IEEE Computer Society.

  45. McCall, Janice R., and Shawn Pruchnicki. 2017. Just Culture: A Case Study of Accountability Relationship Boundaries Influence on Safety in HIGH-Consequence Industries. Safety Science 94: 143–151.

    Article  Google Scholar 

  46. Munshi, Asmaa, Peter Dell, and Helen Armstrong. 2012. Insider Threat Behavior Factors: A Comparison of Theory with Reported. In 45th Hawaii International Conference on System Sciences: 2402–2411. Hawaii: IEEE Computer Society.

  47. National Insider Threat Task Force. 2016. Protect Your Organization from the Inside Out: Government Best Practices. Washington, DC: The National Counterintelligence and Security Center.

    Google Scholar 

  48. Neumann, Peter G. 2010. Combatting Insider Threats. In Insider Threats in Cyber Security, ed. Christian W. Probst, Jeffrey Hunker, Dieter Gollmann, and Bishop Matt, 17–44. Boston: Springer.

    Google Scholar 

  49. Noonan, C.F. 2018. Spy the Lie: Detecting Malicious Insiders. Richland, Washington: Pacific Northwest National Laboratory Prepared for the US Department of Energy.

    Google Scholar 

  50. NOS. Die langlaufer met het infuus in zijn arm is nu informant van politie en WADA. [The Cross-Country Skier with Drip in His Arm is Now Informant of the Police and WADA]. NOS, 26 Nov 2019.

  51. Nurse, Jason R. C., et al. 2014. Understanding Insider Threat: A Framework for Characterising Attacks. IEEE Security and Privacy Workshops: 214–228.

  52. Padayachee, Keshnee. 2016. An Assessment of Opportunity-Reducing Techniques in Information Security: An Insider Threat Perspective. Decision Support Systems 92: 47–56.

    Article  Google Scholar 

  53. Pauli, Walter. In de koers is je ploegmaat vaak je eerste vijand. [In Cycling Your Teammate is Often Your First Enemy]. De Morgen, 6 July 2011.

  54. Pfleeger, C.P. 2008. Reflections on the Insider Threat. In Insider Attack and Cyber Security. Advances in Information Security, ed. S.J. Stolfo, S.M. Bellovin, S. Keromytis, A.D. Hershkop, S.W. Smith, and S. Sinclair, 5–15. Boston, MA: Springer.

    Google Scholar 

  55. Probst, Christian W., Jeffrey Hunker, Dieter Gollmann, and Matt Bishop. 2010. Aspects of Insider Threats. In Insider Threats in Cyber Security, ed. Christian W. Probst, Jeffrey Hunker, Dieter Gollmann, and Matt Bishop, 1–15. Boston: Springer.

    Google Scholar 

  56. Randazzo, Marisa Reddy, Michelle Keeney, Eileen Kowalski, Drawn Cappelli, and Andrew Moore. 2005. Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector. Pittsburgh: Carnegie Mellon Software Engineering Institute.

    Google Scholar 

  57. Robinson, Sandra L., and Rebecca J. Bennett. 1995. A Typology of Deviant Workplace Behaviors: A Multidimensional Scaling Study. The Academy of Management Journal 38 (2): 555–572.

    Google Scholar 

  58. Sarkar, Kuheli Roy. 2010. Assessing Insider Threats to Information Security Using Technical, Behavioural and Organisational Measures. Information Security Technical Report 15: 112–133.

    Article  Google Scholar 

  59. Shaw, Eric, and Laura Sellers. 2015. Application of the Critical-Path Method to Evaluate Insider Risks. Studies in Intelligence 59 (2): 1–8.

    Google Scholar 

  60. Siponen, Mikko, and Jorma Kajava. 1998. Ontology of Organizational IT Security Awareness-from Theoretical Foundations to Practical Framework. In Proceedings Seventh IEEE International Workshop on Enabling Technologies: Infrastucture for Collaborative Enterprises: 327–331. Stanford, CA: IEEE.

  61. Siponen, Miko. 2000. A Conceptual Foundation for Organizational Information Security. Information Management & Computer Security 8 (1): 31–41.

    Article  Google Scholar 

  62. Steele, Sean, and Chris Wargo. 2007. An Introduction to Insider Threat Management. Information Systems Security 16: 23–33.

    Article  Google Scholar 

  63. Steneck, Nicolas H. 1994. Research Universities and Scientific Misconduct: History, Policies, and the Future. The Journal of Higher Education 65 (3): 310–330.

    Google Scholar 

  64. Thompson, Shawn M., and Gabriel Friedlander. 2016. Scope. In Insider Threat Program: Your 90-Day Plan, A Guide for Initiating, Developing and Implementing your Insider Threat Program, ed. Shawn M. Thompson and Gabriel Friedlander, 9–13. Boston: ObserveIT.

    Google Scholar 

  65. Van Cauwelaert, Rik. Een beetje doping doet wonderen.[A little doping works miracles].Knack, 29 July 1998.

  66. Nunen, Van, Marlies Sas Karolien, Genserik Reniers, Geert Vierendeels, Koen Ponnet, and Wim Hardyns. 2018. An Integrative Conceptual Framework for Physical Security Culture in Organisations. Journal of Integrated Security Science 2: 25–32.

    Google Scholar 

  67. von Solms, Rossouw, and Basie von Solms. 2004. From Policies to Culture. Computers & Security 23 (2004): 275–279.

    Article  Google Scholar 

  68. Wall, David S. 2013. Enemies Within: Redefining the Insider Threat in Organizational Security Policy. Security Journal 26: 107–124.

    Article  Google Scholar 

  69. Wikström, Per-Olof H. 2014. Why Crime Happens: A Situational Actions Theory. In Analytical Sociology: Actions and Networks, ed. Gianluca Manzo, 74–94. Chinchester: Wiley.

    Google Scholar 

  70. Willison, Robert, and Merrill Warkentin. 2013. Beyond Deterrence: An Expanded View of Employee Computer Abuse. MIS Quarterly 37 (1): 1–20.

    Article  Google Scholar 

  71. Zegart, Amy B. 2016. The Fort Hood Terrorist Attack: An Organizational Postmortem of Army and FBI Deficiencies. In Matthew Bunn and Scott Sagan, ed. Insider Threats, 42–73. Ithaca: Cornell University Press.

    Google Scholar 

Download references

Funding

Funding was provided by Bel-V, Brussels Airport Company, Elia, Engie-Electrabel, the Federal Agency of Nuclear Control (FANC) and G4S.

Author information

Affiliations

Authors

Corresponding author

Correspondence to Mathias Reveraert.

Ethics declarations

Conflict of interest

On behalf of all authors, the corresponding author states that there is no conflict of interest.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Reveraert, M., Sauer, T. Redefining insider threats: a distinction between insider hazards and insider threats. Secur J (2020). https://doi.org/10.1057/s41284-020-00259-x

Download citation

Keywords

  • Insider threat
  • Insider hazard
  • Organizational culture
  • Organizational behavior
  • Security policy
  • Trust