Abstract
Organisations today operate in a world fraught with threats, including “script kiddies”, hackers, hacktivists and advanced persistent threats. Although these threats can be harmful to an enterprise, a potentially more devastating and anecdotally more likely threat is that of the malicious insider. These trusted individuals have access to valuable company systems and data, and are well placed to undermine security measures and to attack their employers. In this paper, we engage in a critical reflection on the insider threat in order to better understand the nature of attacks, associated human factors, perceptions of threats, and detection approaches. We differentiate our work from other contributions by moving away from a purely academic perspective, and instead focus on distilling industrial reports (i.e., those that capture practitioners’ experiences and feedback) and case studies in order to truly appreciate how insider attacks occur in practice and how viable preventative solutions may be developed.
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Nurse, J.R.C. et al. (2014). A Critical Reflection on the Threat from Human Insiders – Its Nature, Industry Perceptions, and Detection Approaches. In: Tryfonas, T., Askoxylakis, I. (eds) Human Aspects of Information Security, Privacy, and Trust. HAS 2014. Lecture Notes in Computer Science, vol 8533. Springer, Cham. https://doi.org/10.1007/978-3-319-07620-1_24
DOI: https://doi.org/10.1007/978-3-319-07620-1_24
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-07619-5
Online ISBN: 978-3-319-07620-1
eBook Packages: Computer Science, Computer Science (R0)