Minimizing Insider Threat Risk with Behavioral Monitoring
I. Hilmi Elifoglu, Ivan Abel, Özlem Taşseven
June 1, 2018
Europe, North America
Risk and Society
Information Technology, IT, human resources, HR
St. John's University
An insider is a person who has or had a legitimate right to access the computing resources of an organization. This definition includes any current or former employee, contractor, customer, or business partner. Insider threat is the potential for an individual who has or had authorized access to an organization’s assets to use that access, either maliciously or unintentionally, to act in a way that could negatively affect the organization. Insiders may pose a greater threat to cybersecurity than all outside malicious actors combined. The average damage per insider incident is known to be much higher than that of outsider attacks, in some instances causing millions of dollars of damage in the form of fraud, sabotage, and the theft of trade secrets or intellectual property. WikiLeaks’ disclosures and industrial espionage cases reported by the FBI show the importance of the insider issue. Until recently, the insider threat did not mean much to the information technology field. As employees or business partners, insiders were trusted to do what was in the best interest of the organization. Since insiders are already authenticated and inside the system, it is very difficult to pinpoint the exact point at which an insider becomes an insider threat. Contrary to common belief, most insider incidents are not based on sophisticated hacker tools. Most insider threat incidents are the consequences of human actions, such as mistakes, negligence, greed, or reckless behavior. Statistical and analytical prediction models and technical security tools, such as anti-virus software, firewalls, and intrusion-detection systems, have not been very successful in predicting multifaceted insider behavior. Because of the human factor, a multidisciplinary, people-centric approach is needed.
This paper attempts to provide a checklist of best practices against the insider threat by improving the collaboration between the information technology (IT) management and the human resources (HR) department.