April 9, 2020

Playbook for Insider Threat

By venkat

Summary

Insider threats are growing and are very complex to handle, as each case needs to be worked out very closely with many stakeholders, including the human resources department.

Our special thanks to Prof. Monica Whitty[1]

Technical details

USE CASES

  • Theft
  • IP theft – e.g., company secrets, money, data
  • Fraud (High, ~70%)
  • Terrorism
  • Reputation damage
  • Blackmail
  • Denial of service attacks
  • Introduction of viruses, worms, Trojan horses
  • Corruption or deletion of data
  • Altering data
  • Password cracking

BEHAVIOURAL INDICATORS

  • Hypothetical situations – language change + negative affect (Taylor et al., 2013)
  • Emotional state, such as depressed, stressed (e.g., Shaw & Stock, 2011; Turner & Gelles, 2003).
  • IP theft: Volume of printing (Maloof & Stephens, 2007).
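
The print-volume indicator above can be checked against each user's own baseline. The following is an added example, not part of the original playbook; the CSV log layout, the user names, and the `threshold` and `min_history` values are assumptions chosen for illustration.

```python
import csv, io, statistics
from collections import defaultdict

# Constructed sample: one row per print job (date, user, pages). Not real data.
SAMPLE_LOG = """date,user,pages
2020-03-02,alice,12
2020-03-02,bob,30
2020-03-03,alice,8
2020-03-03,bob,25
2020-03-04,alice,15
2020-03-04,bob,28
2020-03-05,alice,10
2020-03-05,bob,35
2020-03-06,alice,9
2020-03-06,alice,5
2020-03-06,bob,27
2020-03-09,alice,410
2020-03-09,bob,31
"""

def daily_pages(log_text):
    """Sum pages per (user, date) from CSV print-job records."""
    totals = defaultdict(lambda: defaultdict(int))
    for row in csv.DictReader(io.StringIO(log_text)):
        totals[row["user"]][row["date"]] += int(row["pages"])
    return totals

def flag_print_spikes(log_text, threshold=6.0, min_history=5):
    """Flag days far above the user's own earlier baseline (robust z-score).

    threshold and min_history are assumed values; tune them per environment.
    """
    alerts = []
    for user, days in daily_pages(log_text).items():
        history = []
        for date in sorted(days):
            pages = days[date]
            if len(history) >= min_history:
                med = statistics.median(history)
                mad = statistics.median(abs(p - med) for p in history)
                # Floor the scale at 1.0 so a flat history cannot divide by zero.
                score = (pages - med) / max(1.4826 * mad, 1.0)
                if score > threshold:
                    alerts.append((user, date, pages, round(score, 1)))
            history.append(pages)
    return alerts
```

An alert from this check is a reason to look closer alongside the other indicators and stakeholders named in this playbook, not a finding on its own.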

DISCOVERY

  • Digital/video evidence – Digital or cyber evidence obtained after the attack because suspicions had been raised
  • Monitoring physical/online initiated after the attack – Person was monitored more closely after complaints or suspicions (usually from someone outside of the organisation). The attack was then discovered in real-time and evidence was found of previous attacks
  • Monitoring procedures real time – Monitoring procedures detected the attack in real time (cyber and/or physical).
  • Customer complaints – Serious complaints by clients/customers about the employee or about problems with their accounts prompted an investigation.
  • Suspicious behaviours reported – Suspicious behaviour/caught in the act reported by fellow employees prompted an investigation.
  • Outside organisation – An outside organisation detected the attack – evidence was provided via these outside sources, which prompted an internal investigation.

Playbook

Insider-abuse

Mitigation

Please refer to the playbook above.

Analysis

References

https://www.cisa.gov/sites/default/files/publications/Insider%20Threat%20Mitigation%20Guide_Final_508.pdf

https://www.techradar.com/news/online-game-popular-with-millions-of-children-gets-compromised

Whitty, M. T. (in press). Developing a conceptual model for insider threat. Journal of Management & Organization.
https://www.youtube.com/watch?v=Zdqy_qgPUfA

Revisions

March 13, 2020: Initial Version