Peer Reviewed

Insider Threats

Organisations and information security practitioners are increasingly adept at addressing the threat posed by cyber-attack from external actors; however, the risks associated with trusted parties or insiders are often overlooked. The insider threat poses a significant risk with potentially severe consequences and as such deserves rigorous treatment within organisational risk management and security plans. This article provides an introduction to insider risk, giving information security professionals a basis from which to begin assessing the risk to their own organisation and prepare accordingly. The author begins with an examination of the actors, motivations and forms of insider attacks, together with an overview of a number of conceptual models for describing and understanding them. The article then looks at methods for protecting against insider attacks, discussing general approaches and providing a summary of best practice.

Nick Mazitelli
Sep 28, 2016


3 Comments

Jeremy Swinfen Green 9 months ago

This is a very helpful article and full of really useful facts and references. Thank you. You make a distinction between malicious and accidental behaviour. I think the reality is slightly more complex and there is a spectrum of behaviour that ranges from deliberate theft to accidental loss. In the middle there is a range of behavioural motivations or causes with a greater or lesser degree of culpability, such as (in no particular order of culpability):
I did it because everyone else does it
I did it because the boss does it
I did it because I thought it was the right thing to do
I did it because I didn't know what to do
I did it because I was in a rush (thanks for your fish and chips example!)
I did it because I was stressed out with too much work
I did it because I thought I could handle it if things went wrong
I did it because I didn't want to be rude
I did it because I didn't want to get into trouble
I did it because I was told to
I did it because I didn't think it would matter
I did it because I wanted to get my work done
I did it because it was easier
I did it because I forgot
I did it because I trusted them
I did it because it has never been a problem before
These and other subtle motives are hard to manage and need a combination of clear rules, usable systems (that have been designed in conjunction with end users), training, awareness campaigns and cultural change programmes. Backed up of course by robust breach response programmes for when something inevitably does go wrong!

Nick Mazitelli 8 months ago

Thanks Jeremy.

Indeed, the paths that lead to the insider threat are many and varied, the reality both more subtle and more problematic than the common 'disgruntled sysadmin' stereotype would have us believe. As with so much in cybersecurity, the solution is neither an unobtainable 'dark art' nor an easily acquired 'quick fix' but instead is based on the application of proven techniques complemented by appropriate technology as part of a business-as-usual approach to security.