
Developing a conceptual model for insider threat

Published online by Cambridge University Press:  13 November 2018

Monica T Whitty*
Affiliation:
Department of Media and Communication, University of Melbourne, Melbourne, VIC, Australia; WMG, Cyber Security Centre, University of Warwick, Coventry, UK
*Corresponding author: [email protected]

Abstract

This paper sets out 99 case studies of insider attacks that took place in the UK. The study involved interviewing investigators, heads of security, information technologists, law enforcement, security officers, human resource managers, line managers, and coworkers who knew the insider. The analysis elucidates how to identify insiders and pathways to these attacks. It also highlights examples of archetypal insiders, in addition to the ‘disgruntled employee’ (e.g., ‘the show off’, ‘the career criminal’, ‘the addict’, etc.). In contrast to other studies, this study highlights multiple pathways to an attack. A conceptual model is set out that considers indicators (both physical and cyber) that might be monitored in an insider risk detection programme. The model stresses the need to continuously seek out methods to close down opportunities as well as to monitor behavioural change. It also elucidates potential deterrence and prevention strategies for organisations to consider in an ethical and legal manner.

Type
Research Article
Copyright
© Cambridge University Press and Australian and New Zealand Academy of Management 2018

