Topic: Insider Threat Detection and Management
Insider threats are considered as one of the most serious security problems in many studies and have received considerable attention among organizations over the world. This report will present the term “insider” and “insider threats” in cyber security, motives and effects of insider threats, underlying issues and causes of insider threats, prevention and detection of insider threats and management of insider threats within the organizations. The report will include case studies of malicious insider threats on IT sabotage and fraud as well as oblivious insider threats with analysis and discussions.
In recent years, countries around the world have been developing rules and regulations which are designed to support data confidentiality and security. Many organizations have spent decades on building stronger defenses against intrusion, including firewalls, anti-virus software, email security, identity access badges, security policies and procedures. These protections have made the business world more effective at blocking threats and attacks from the outside and made it increasingly difficult for hackers and viruses to penetrate into the system. However these protections provide only a first line of defense since it is designed to prevent unauthorized access.
There are also threats and attacks from the inside of the organizations and sometimes these can cause far more damage to the organizations than external attacks. Also it is considered the most difficult problem to detect and deal with because an insider is a trusted member of the organization and has access to information, valid authorization and capabilities . Therefore the discussion of insider threat is important and must be well defined in order to analyze the problem precisely and approach a solution.
Insider and Insider Threats
An insider is anyone who has the access rights to a company’s network, system or application. These trusted insiders can be general users who lack technical proficiency or someone well-qualified in technical knowledge like IT administrator.
Insider threats are threats posed by insiders who bypass the security measures of an organization (e.g. policies, processes and technologies). Theoharidou et al. (2005) defines insider threats as “threats originating from people who have been given access rights to an IS and misuse their privileges, thus violating the IS security policy of the organization” in .
The damage inflicted by insider threat is very severe and possibly even crippling to the organization. This is due to the trend that organizations store more information into their core processes. Therefore actions such as deleting and leaking of vital information can cause significant effect. While external security is thorough, the internal security is still often neglected. Hence significant losses such as loss in revenue, intellectual property and reputation would be incurred if the organizations fail to put more emphasis on internal security, or prevention of the insider threat.
2. LITERATURE REVIEW
Causes of insider threats
Insider threats are mostly from current employees and former employees who feel injustice has been done onto them and will only feel satisfied in gaining revenge. Another possible cause of insider threat is the prospect of gaining returns in causing harm to the organization. There is always a motivation involved for the insider threat to be present. Therre are also oblivious insiders who cause damage without malicious intent yet their actions unknowingly compromise information confidentiality.
Prevention of insider threats
It is practically impossible to remove insider threats completely. The only thing we can do is to prevent and minimize such threats from happening. There are currently two main approaches that are practiced in various workplaces to detect and prevent insider...