Search results

1 – 10 of over 5000
Article
Publication date: 1 August 2006

G.B. Magklaras, S.M. Furnell and P.J. Brooke

Abstract

Purpose

This paper presents the process of constructing a language tailored to describing insider threat incidents, for the purposes of mitigating threats originating from legitimate users in an IT infrastructure.

Design/methodology/approach

Various information security surveys indicate that misuse by legitimate (insider) users has serious implications for the health of IT environments. A brief discussion of survey data and insider threat concepts is followed by an overview of existing research efforts to mitigate this particular problem. None of the existing insider threat mitigation frameworks provide facilities for systematically describing the elements of misuse incidents, and thus all threat mitigation frameworks could benefit from the existence of a domain specific language for describing legitimate user actions.

Findings

The paper presents a language development methodology which centres upon ways to abstract the insider threat domain and approaches to encode the abstracted information into language semantics. The language construction methodology is based upon observed information security survey trends and the study of existing insider threat and intrusion specification frameworks.

Originality/value

This paper summarizes the picture of the insider threat in IT infrastructures and provides a useful reference for insider threat modeling researchers by indicating ways to abstract insider threats.

Details

Information Management & Computer Security, vol. 14 no. 4
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 17 August 2021

Abir Al-Harrasi, Abdul Khalique Shaikh and Ali Al-Badi

Abstract

Purpose

One of the most important Information Security (IS) concerns nowadays is data theft or data leakage. To mitigate this type of risk, organisations use a solid infrastructure and deploy multiple layers of security protection technology and protocols such as firewalls, VPNs and IPsec VPN. However, these technologies do not guarantee data protection, especially from insiders. Insider threat is a critical risk that can cause harm to the organisation through data theft. The main purpose of this study was to investigate and identify the threats related to data theft caused by insiders in organisations and explore the efforts made by them to control data leakage.

Design/methodology/approach

The study proposed a conceptual model to protect organisations’ data by preventing data theft by malicious insiders. The researchers conducted a comprehensive literature review to achieve the objectives of this study. The collection of the data for this study is based on earlier studies conducted by several researchers from January 2011 to December 2020. All the selected literature is from journal articles, conference articles and conference proceedings using various databases.

Findings

The study revealed three main findings: first, the main risks inherent in data theft are financial fraud, intellectual property theft, and sabotage of IT infrastructure. Second, there are still some organisations that are not considering data theft by insiders as being a severe risk that should be well controlled. Lastly, the main factors motivating the insiders to perform data leakage activities are financial gain, lack of fairness and justice in the workplace, the psychology or characteristics of the insiders, new technologies, lack of education and awareness and lack of management tools for understanding insider threats.

Originality/value

The study provides a holistic view of data theft by insiders, focusing on the problem from an organisational point of view. Organisations can therefore take into consideration our recommendations to reduce the risks of data leakage by their employees.

Details

International Journal of Organizational Analysis, vol. 31 no. 3
Type: Research Article
ISSN: 1934-8835

Article
Publication date: 4 June 2020

Antonia Michael and Jan Eloff

Abstract

Purpose

Malicious activities conducted by disgruntled employees via an email platform can cause profound damage to an organization such as financial and reputational losses. This threat is known as an “Insider IT Sabotage” threat. This involves employees misusing their access rights to harm the organization. Events leading up to the attack are not technical but rather behavioural. The problem is that owing to the high volume and complexity of emails, the risk of insider IT sabotage cannot be diminished with rule-based approaches.

Design/methodology/approach

Malicious human behaviours that insiders within the insider IT sabotage category would possess are studied and mapped to phrases that would appear in email communications. A large email data set is classified according to behavioural characteristics of these employees. Machine learning algorithms are used to identify occurrences of this insider threat type. The accuracy of these approaches is measured.

Findings

It is shown in this paper that suspicious behaviour of disgruntled employees can be discovered, by means of machine intelligence techniques. The output of the machine learning classifier depends mainly on the depth and quality of the phrases and behaviour analysis, cleansing and number of email attributes examined. This process of labelling content in isolation could be improved if other attributes of the email data are included, such that a confidence score can be computed for each user.

Originality/value

This research presents a novel approach to show the creation of a prototype that can automate the detection of insider IT sabotage within email systems to mitigate the risk within organizations.

Details

Information & Computer Security, vol. 28 no. 4
Type: Research Article
ISSN: 2056-4961

Open Access
Article
Publication date: 27 August 2024

Monica Therese Whitty, Christopher Ruddy, David Keatley, Marcus Butavicius and Marthie Grobler

Abstract

Purpose

Intellectual property (IP) theft is an increasing threat that can lead to large financial losses and reputational harm. These attacks are typically noticed only after the IP is stolen, which is usually too late. This paper aims to investigate the psychological profile and the socio-technical events that statistically predict the likelihood of an IP threat.

Design/methodology/approach

This paper analyses 86 IP theft cases found in court documents. Two novel analyses are conducted. The research uses LLMs to analyse the personality of these insiders, which is followed by an investigation of the pathways to the attack using behaviour sequence analysis (BSA).

Findings

These IP theft insiders scored significantly higher on measures of Machiavellianism compared to the normal population. Socio-technical variables, including IP theft via photographs, travelling overseas, approaching multiple organisations and delivering presentations, were identified. Contrary to previous assumptions that there is a single pathway to an attack, the authors found that multiple, complex pathways lead to an attack (sometimes multiple attacks). This work, therefore, provides a new framework for considering critical pathways to insider attacks.

Practical implications

These findings reveal that IP theft insiders may come across as charming, star employees rather than the stereotype of disgruntled employees. Moreover, organisations’ policies may need to consider that IP theft occurs via non-linear and multiple pathways. This means that sequences of events need to be considered in detecting these attacks instead of anomalies outright. The authors also argue that there may be a case for “continuous evaluation” to detect insider activity.

Originality/value

This paper offers a new framework for understanding and studying insider threats. Instead of a single critical pathway, this work demonstrates the need to consider multiple interconnected pathways. It elucidates the importance of a multidisciplinary approach and provides opportunities to reconsider current practices in detection and prevention.

Details

Information & Computer Security, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 27 June 2019

Wai Peng Wong, Hwee Chin Tan, Kim Hua Tan and Ming-Lang Tseng

Abstract

Purpose

The purpose of this paper is to explore the human factors triggering information leakage and investigate how companies mitigate insider threat for information sharing integrity.

Design/methodology/approach

The methodology employed is a multiple case studies approach with in-depth interviews with five multinational enterprises (MNEs)/multinational corporations (MNCs).

Findings

The findings reveal that information leakage can be approached with human governance mechanisms such as organizational ethical climate and information security culture. Besides, a higher frequency of leakages negatively affects information sharing integrity. Moreover, this paper also contributes to a research framework which could be a guide to overcoming the information leakage issue in information sharing.

Research limitations/implications

The current study involved MNCs/MNEs operating in Malaysia, while companies in other countries may have different ethical climate and information sharing culture. Thus, for future research, it will be good to replicate the study in a larger geographic region to verify the findings and insights of this research.

Practical implications

This research contributes to the industry and business that are striving toward solving the mounting problem of information leakage by raising awareness of human factors and to take appropriate mitigating governance strategies to pre-empt information leakage. This paper also contributes to a novel theoretical model that characterizes the iniquities of humans in sharing information, and suggests measures which could be a guide to avert disruptive leakages.

Originality/value

This paper is likely an unprecedented research in molding human governance in the domain of information sharing and its Achilles’ heel which is information leakage.

Details

Industrial Management & Data Systems, vol. 119 no. 6
Type: Research Article
ISSN: 0263-5577

Article
Publication date: 1 March 2024

Mohan Thite and Ramanathan Iyer

Abstract

Purpose

Despite ongoing reports of insider-driven leakage of confidential data, both academic scholars and practitioners tend to focus on external threats and favour information technology (IT)-centric solutions to secure and strengthen their information security ecosystem. Unfortunately, they pay little attention to human resource management (HRM) solutions. This paper aims to address this gap and proposes an actionable human resource (HR)-centric and artificial intelligence (AI)-driven framework.

Design/methodology/approach

The paper highlights the dangers posed by insider threats and presents key findings from a Leximancer-based analysis of a rapid literature review on the role, nature and contribution of HRM for information security, especially in addressing insider threats. The study also discusses the limitations of these solutions and proposes an HR-in-the-loop model, driven by AI and machine learning to mitigate these limitations.

Findings

The paper argues that AI promises to offer many HRM-centric opportunities to fortify the information security architecture if used strategically and intelligently. The HR-in-the-loop model can ensure that the human factors are considered when designing information security solutions. By combining AI and machine learning with human expertise, this model can provide an effective and comprehensive approach to addressing insider threats.

Originality/value

The paper fills the research gap on the critical role of HR in securing and strengthening information security. It makes further contribution in identifying the limitations of HRM solutions in info security and how AI and machine learning can be leveraged to address these limitations to some extent.

Details

Personnel Review, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 0048-3486

Open Access
Article
Publication date: 1 June 2015

Denis Fischbacher-Smith

Abstract

Purpose

The purpose of this paper is to highlight the potential role that the so-called “toxic triangle” (Padilla et al., 2007) can play in undermining the processes around effectiveness. It is the interaction between leaders, organisational members, and the environmental context in which those interactions occur that has the potential to generate dysfunctional behaviours and processes. The paper seeks to set out a set of issues that would seem to be worthy of further consideration within the Journal and which deal with the relationships between organisational effectiveness and the threats from insiders.

Design/methodology/approach

The paper adopts a systems approach to the threats from insiders and the manner in which it impacts on organisation effectiveness. The ultimate goal of the paper is to stimulate further debate and discussion around the issues.

Findings

The paper adds to the discussions around effectiveness by highlighting how senior managers can create the conditions in which failure can occur through the erosion of controls, poor decision making, and the creation of a culture that has the potential to generate failure. Within this setting, insiders can serve to trigger a series of failures by their actions and for which the controls in place are either ineffective or have been by-passed as a result of insider knowledge.

Research limitations/implications

The issues raised in this paper need to be tested empirically as a means of providing a clear evidence base in support of their relationships with the generation of organisational ineffectiveness.

Practical implications

The paper aims to raise awareness and stimulate thinking by practising managers around the role that the “toxic triangle” of issues can play in creating the conditions by which organisations can incubate the potential for crisis.

Originality/value

The paper seeks to bring together a disparate body of published work within the context of “organisational effectiveness” and sets out a series of dark characteristics that organisations need to consider if they are to avoid failure. The paper argues the case that effectiveness can be a fragile construct and that the mechanisms that generate failure also need to be actively considered when discussing what effectiveness means in practice.

Details

Journal of Organizational Effectiveness: People and Performance, vol. 2 no. 2
Type: Research Article
ISSN: 2051-6614

Article
Publication date: 27 June 2020

Fletcher Glancy, David P. Biros, Nan Liang and Andy Luse

Abstract

Purpose

The authors argue that the current studies about malicious insiders confuse the fact that malicious attacks belong to two different categories, namely, those that launch instrumental attacks and expressive attacks. The authors collect malicious insider data from publicly available sources and use text-mining techniques to analyze the association between malicious insiders’ characteristics and the different types of attack.

Design/methodology/approach

The authors investigated the relationship between personality characteristics and different types of malicious attacks. For the personality characteristics, the authors use the same method as Liang et al. (2016), which extracted these characteristics based on a keyword-characteristic dictionary. For different types of malicious attacks, two raters rated each case based on criteria modified from criminology research to determine the degree of expressiveness and instrumentality.

Findings

The results show that malicious insiders who are manipulative or seeking personal gain tend to carry out instrumental attacks. Malicious insiders who are arrogant tend to conduct expressive attacks.

Research limitations/implications

This study uses third party articles to identify the personality characteristics of known malicious insiders. As such, not all personality characteristics may have been reported. Data availability was an issue.

Practical implications

Understanding if different personality characteristics lead to different types of attacks can help managers identify employees who exhibit them and mitigate an attack before it occurs.

Social implications

Malicious insider attacks can have devastating results on businesses and employees. Helping to identify potential malicious insiders before they act may prevent undue harm.

Originality/value

This study used 132 cases of none malicious insiders to examine their attack objectives. No other study that the authors know of used that many cases.

Details

Journal of Criminal Psychology, vol. 10 no. 3
Type: Research Article
ISSN: 2009-3829

Article
Publication date: 21 May 2021

Michael M. Prentice

Abstract

Purpose

The purpose of this paper is to demonstrate how document protection has become a key object of concern for organizations, how the threat of leaks has led to an increase in security technologies and policies and how these developments present new and emergent ethnographic challenges for researchers. Through a study of a South Korean organization, the paper aims to demonstrate the ways workplace documents are figured into wider legal, regulatory and cyber security concerns.

Design/methodology/approach

The research is based on 12 months of intensive embedded fieldwork in a South Korean firm from 2014 to 2015 and follow-up interviews in 2018. The author followed an immersive and inductive approach to collecting ethnographic data in situ. The author was hired as an intern in a Korean conglomerate known as the Sangdo Group where he worked alongside Human Resources managers to understand their work practices. The present article reflects difficulties in his original research design and an attempt to analyze the barriers themselves. His analysis combines ideas from theories of securitization and document studies to understand how the idea of protection is reshaping workplaces in South Korea and elsewhere.

Findings

The paper highlights three findings. First, South Korean workplaces have robust socio-material infrastructures around document protection and security, reflecting that security around document leaks is becoming integrated into normal organizational life. Second, the securitization of document leaks is shifting from treating document leaks as a threat to organizational existence to a crime by individual actors that organizations track. Third, even potential document leaks can have transitive effects on teams and managers.

Originality/value

Organizational security practices and their integration into workplace life have rarely been examined together. This paper connects Weber's insights on bureaucratization with the concept of securitization to examine the rise of document security practices and policies in a South Korean organization. The evidence from South Korea is valuable because technological developments around security coupled with organizational complexities portend issues for other organizational environments around the world.

Details

Journal of Organizational Ethnography, vol. 10 no. 3
Type: Research Article
ISSN: 2046-6749

Details

The Cybersecurity Workforce of Tomorrow
Type: Book
ISBN: 978-1-80382-918-0
