INSIDER THREAT MANAGEMENT AS AN ELEMENT OF THE CORPORATE ECONOMIC SECURITY

Author(s):  
D. Zatonatskiy ◽  
V. Marhasova ◽  
N. Korogod

This paper considers the insider threats in the companies from different sectors and various methods of their assessment. The problem of information leakage is becoming increasingly important for companies in all areas of economic activity. The problem of insider threats is becoming increasingly important, as the company may incur losses not only due to the leakage of information about its inventions, but also through lawsuits in case of theft of personal information of the customers, contractors and more. This means that in order to gain access to the international markets, Ukrainian companies must have an appropriate level of protection not only of the company’s confidential information, but also of the data on customers, contractors, etc. The objective of the article is to analyze the existing methodological approaches to the assessment of insider threats in the enterprise as a component of personnel and economic security. We came to the conclusion that different industries have different vulnerabilities to insider threats and different approaches to insider threat management. It was determined that information leaks are a serious threat to the company’s economic and personnel security. It was discovered that firms have achieved significant improvements and developed effective procedures for counteracting external threats, however, protection against insider attacks remains rather low. In the course of the research, the concept of an insider attacker was defined, the types of insider threats were established, and the main actions of the personnel prior to the insider attack were outlined. It was proved that the degree of insider threat is determined by the type of activity of the company and the liquidity of information that may be leaked. Most leaks are observed in high-tech companies and medical institutions, while the most liquid is the information of banks, financial institutions, industrial and commercial companies.

Sensors ◽  
2020 ◽  
Vol 20 (18) ◽  
pp. 5297
Author(s):  
Teng Hu ◽  
Bangzhou Xin ◽  
Xiaolei Liu ◽  
Ting Chen ◽  
Kangyi Ding ◽  
...  

Insider threats have always been one of the most severe challenges to cybersecurity. They can lead to the destruction of the organisation’s internal network system and information leakage, which seriously threaten the confidentiality, integrity and availability of data. To make matters worse, since the attacker has authorized access to the internal network, they can launch the attack from the inside and erase their attack trace, which makes tracking and forensics challenging. A blockchain traceability system for insider threats is proposed in this paper to mitigate the issue. First, this paper constructs an insider threat model of the internal network from a different perspective: insider attack forensics and preventing the insider attacker from escaping. Then, we analyze why it is difficult to track attackers and obtain evidence when an insider threat has occurred. After that, the blockchain traceability system is designed in terms of data structure, transaction structure, block structure, consensus algorithm, data storage algorithm, and query algorithm, while using differential privacy to protect user privacy. We deployed this blockchain traceability system and conducted experiments, and the results show that it can achieve the goal of mitigating insider threats.


Entropy ◽  
2021 ◽  
Vol 23 (10) ◽  
pp. 1258
Author(s):  
Taher Al-Shehari ◽  
Rakan A. Alsowail

Insider threats are malicious acts that can be carried out by an authorized employee within an organization. Insider threats represent a major cybersecurity challenge for private and public organizations, as an insider attack can cause extensive damage to organization assets much more than external attacks. Most existing approaches in the field of insider threat focused on detecting general insider attack scenarios. However, insider attacks can be carried out in different ways, and the most dangerous one is a data leakage attack that can be executed by a malicious insider before his/her leaving an organization. This paper proposes a machine learning-based model for detecting such serious insider threat incidents. The proposed model addresses the possible bias of detection results that can occur due to an inappropriate encoding process by employing the feature scaling and one-hot encoding techniques. Furthermore, the imbalance issue of the utilized dataset is also addressed utilizing the synthetic minority oversampling technique (SMOTE). Well known machine learning algorithms are employed to detect the most accurate classifier that can detect data leakage events executed by malicious insiders during the sensitive period before they leave an organization. We provide a proof of concept for our model by applying it on CMU-CERT Insider Threat Dataset and comparing its performance with the ground truth. The experimental results show that our model detects insider data leakage events with an AUC-ROC value of 0.99, outperforming the existing approaches that are validated on the same dataset. The proposed model provides effective methods to address possible bias and class imbalance issues for the aim of devising an effective insider data leakage detection system.


2019 ◽  
pp. 1408-1425
Author(s):  
Sunita Vikrant Dhavale

Recent studies have shown that, despite being equipped with highly secure technical controls, a broad range of cyber security attacks were carried out successfully on many organizations to reveal confidential information. This shows that the technical advancements of cyber defence controls do not always guarantee organizational security. According to a recent survey carried out by IBM, 55% of these cyber-attacks involved insider threat. Controlling an insider who already has access to the company's highly protected data is a very challenging task. Insider attacks have great potential to severely damage the organization's finances as well as their social credibility. Hence, there is a need for reliable security frameworks that ensure confidentiality, integrity, authenticity, and availability of organizational information assets by including the comprehensive study of employee behaviour. This chapter provides a detailed study of insider behaviours that may hinder organization security. The chapter also analyzes the existing physical, technical, and administrative controls, their objectives, their limitations, insider behaviour analysis, and future challenges in handling insider threats.


2019 ◽  
Vol 3 (1) ◽  
pp. 171-179
Author(s):  
Musdi Muhammad Soleh

Risk comes not only from external threats; it also comes from inside, from internal actors. Vormetric Insider Threat mentioned that of 800 surveyed enterprise companies, 89% are vulnerable to insider attacks [1]. It mentioned that data breach is the highest risk to the company caused by insider threats. This paper will analyse insider attacks; the Risk IT framework will be used to reduce and prevent these vulnerabilities in valuable assets.


Symmetry ◽  
2020 ◽  
Vol 12 (8) ◽  
pp. 1255
Author(s):  
Sang Seo ◽  
Dohoon Kim

Insider threats that occur within organizations cause more serious damage than external threats. However, there are many factors that are difficult to determine, such as the definition, classification, and severity of security breaches; hence, it is necessary to analyze system logs and user behavior-based scenarios within organizations. The reality is that qualitative judgment criteria are different for everyone to apply, and there is no detailed verification procedure to compare them objectively. In this study, realistic insider threats were examined through the definition, classification, and correlation/association analysis of various human–machine logs of acts associated with security breaches that occur in an organization. In addition, a quantitative process and decision-making tool were developed for insider threats by establishing various internal information leakage scenarios. As a result, insider threats were assessed quantitatively and a decision-making process was completed that enabled case analysis based on several insider threat scenarios. This study will enable precise modeling of insider threats that occur in real organizations and will support an objective process and a decision-making system to establish a range of required information for security protection measures.


Author(s):  
Alexander I. Selivanov ◽  
Vladimir G. Starovoitov ◽  
Dmitriy V. Troshin

Situation and value of the African continent on the economic and social map of the world dynamically changes and will continue to change throughout all the 21st century with strengthening of the Africa positions in the world. In Russia all the complex of threats and problems which arise owing to political and economic transformation of Africa is not adequately estimated. The scientific literature on economic security issues presents an expanded set of internal and external threats to the national economy that goes beyond the traditional areas of the shadow economy, corruption, economic crime and related segments, including the internal economic stability of the national economy and inter-country competition, the quality of state strategic management, studies of the specifics of ensuring economic security in the conditions of the sixth technological order, intercultural communication and their impact on the economic relations between countries, etc. Incomplete use of such approach to strategy for the countries of Africa creates additional threats and risks for Russia. An analysis of security problems in Africa revealed that studies of economic security in the context of African development trends in Russia are conducted in an unsatisfactory volume, not always taking into account the results of new developments in the field of ensuring economic security. Even the large shifts happening on the African continent, forecasts of this dynamics sometimes are poorly known to experts of a profile of economic security, and many experts of an economic profile including working in the African subject often do not accurately distinguish problems of “economic cooperation” and “the Russian – African relations”, on the one hand, and “economic security of Russia”, on the other.
In this regard the new scientific problem is proved: need for deeper analysis of trends of economic and social development in Africa as an important component of a system of ensuring national economic security of Russia in the current period and in the future, taking into account the new developments in the sphere of economic security. The main directions of activating scientific research and concentration of practical efforts to increase national economic security, neutralize threats and reduce risk for Russia in the designated context are formulated.


2020 ◽  
Vol 16 (5) ◽  
pp. 966-979
Author(s):  
O.B. Sheveleva ◽  
E.V. Slesarenko

Subject. The article deals with the security of the fiscal and budgetary system in resource-based regions during highly volatile prices in the global energy market and external economic, political, technological and epidemiological shocks. Objectives. The study is to detect hazards in the fiscal and budgetary system of resource-based regions. Such hazards really put the regional competitiveness and economic security at peril. Methods. The article evaluates the security of the fiscal system in the Kemerovo Oblast through the integral indicator and the threshold (critical) value. Results. We found key threats to the fiscal and budgetary system of the Kemerovo Oblast, which undermine the regional competitiveness and economic security. Conclusions and Relevance. Authorities shall comprehensively attempt to create the environment for developing manufacturing sectors in the region, especially science-intensive and high-tech production enterprises by alleviating infrastructure and administrative constraints for business, raising the finance of science and innovation from the State and mobilize investors' resources, lure them to finance prioritized lines of the regional economic development. The findings and conclusions can be used to outline principles of the region's economic policy, socioeconomic development strategies of the region economy.


Electronics ◽  
2021 ◽  
Vol 10 (9) ◽  
pp. 1005
Author(s):  
Rakan A. Alsowail ◽  
Taher Al-Shehari

As technologies are rapidly evolving and becoming a crucial part of our lives, security and privacy issues have been increasing significantly. Public and private organizations have highly confidential data, such as bank accounts, military and business secrets, etc. Currently, the competition between organizations is significantly higher than before, which triggers sensitive organizations to spend an excessive volume of their budget to keep their assets secured from potential threats. Insider threats are more dangerous than external ones, as insiders have a legitimate access to their organization’s assets. Thus, previous approaches focused on some individual factors to address insider threat problems (e.g., technical profiling), but a broader integrative perspective is needed. In this paper, we propose a unified framework that incorporates various factors of the insider threat context (technical, psychological, behavioral and cognitive). The framework is based on a multi-tiered approach that encompasses pre, in and post-countermeasures to address insider threats in an all-encompassing perspective. It considers multiple factors that surround the lifespan of insiders’ employment, from the pre-joining of insiders to an organization until after they leave. The framework is utilized on real-world insider threat cases. It is also compared with previous work to highlight how our framework extends and complements the existing frameworks. The real value of our framework is that it brings together the various aspects of insider threat problems based on real-world cases and relevant literature. This can therefore act as a platform for general understanding of insider threat problems, and pave the way to model a holistic insider threat prevention system.

