‘The Enabling Role of Internal Organizational Communication in Insider Threat Activity – Evidence From a High Security Organization’

This paper explores the role of internal communication in one under-researched form of organizational crisis, insider threat – threat to an organization, its people or resources, from those who have legitimate access. In this case study, we examine a high security organization, drawing from in-depth interviews with management and employees concerning the organizational context and a real-life incident of insider threat. We identify the importance of three communication flows (top-down, bottom-up, and lateral) in explaining, and in this case, enabling, insider threat. Derived from this analysis, we draw implications for communication and security scholars, as well as practitioners, concerning: the impact of unintentional communication, the consequences of selective silence and the divergence in levels of shared understanding of security among different groups within an organization.

The Role of Education and Awareness in Tackling Insider Threats

Insider threats present a major concern for organizations worldwide. As organizations need to provide employees with authority to access data to enable them to complete their daily tasks, they leave themselves open to insider attacks. This chapter looks at those who fall into the category which can be referred to as insiders and highlights the activity of outsourcing which is employed by many organizations and defines the term insider threat while pointing out what differentiates an accidental threat from a malicious threat. The discussion also considers various methods of dealing with insider threats before highlighting the role education and awareness plays in the process, the importance of tailoring awareness programs, and what the future holds for insider threats within organizations.

Security Analysis of Machine Learning-Based PUF Enrollment Protocols: A Review

The demand for Internet of Things services is increasing exponentially, and consequently a large number of devices are being deployed. To efficiently authenticate these objects, the use of physical unclonable functions (PUFs) has been introduced as a promising solution for the resource-constrained nature of these devices. The use of machine learning PUF models has been recently proposed to authenticate the IoT objects while reducing the storage space requirement for each device. Nonetheless, the use of a mathematically clonable PUFs requires careful design of the enrollment process. Furthermore, the secrecy of the machine learning models used for PUFs and the scenario of leakage of sensitive information to an adversary due to an insider threat within the organization have not been discussed. In this paper, we review the state-of-the-art model-based PUF enrollment protocols. We identity two architectures of enrollment protocols based on the participating entities and the building blocks that are relevant to the security of the authentication procedure. In addition, we discuss their respective weaknesses with respect to insider and outsider threats. Our work serves as a comprehensive overview of the ML PUF-based methods and provides design guidelines for future enrollment protocol designers.

Detecting Insider Threat from Behavioral Logs Based on Ensemble and Self-Supervised Learning

Recent studies have highlighted that insider threats are more destructive than external network threats. Despite many research studies on this, the spatial heterogeneity and sample imbalance of input features still limit the effectiveness of existing machine learning-based detection methods. To solve this problem, we proposed a supervised insider threat detection method based on ensemble learning and self-supervised learning. Moreover, we propose an entity representation method based on TF-IDF to improve the detection effect. Experimental results show that the proposed method can effectively detect malicious sessions in CERT4.2 and CERT6.2 datasets, where the AUCs are 99.2% and 95.3% in the best case.