insider threats
Recently Published Documents

2022, pp. 280-299
Shaun Joseph Smyth, Kevin Curran, Nigel McKelvey

Insider threats present a major concern for organizations worldwide. As organizations need to provide employees with authority to access data to enable them to complete their daily tasks, they leave themselves open to insider attacks. This chapter looks at those who fall into the category which can be referred to as insiders and highlights the activity of outsourcing which is employed by many organizations and defines the term insider threat while pointing out what differentiates an accidental threat from a malicious threat. The discussion also considers various methods of dealing with insider threats before highlighting the role education and awareness play in the process, the importance of tailoring awareness programs, and what the future holds for insider threats within organizations.

2021, Vol 2021, pp. 1-11
Chunrui Zhang, Shen Wang, Dechen Zhan, Tingyue Yu, Tiangang Wang

Recent studies have highlighted that insider threats are more destructive than external network threats. Despite many research studies on this, the spatial heterogeneity and sample imbalance of input features still limit the effectiveness of existing machine learning-based detection methods. To solve this problem, we propose a supervised insider threat detection method based on ensemble learning and self-supervised learning. Moreover, we propose an entity representation method based on TF-IDF to improve the detection effect. Experimental results show that the proposed method can effectively detect malicious sessions in CERT4.2 and CERT6.2 datasets, where the AUCs are 99.2% and 95.3% in the best case.

Donald L. Buresh

This paper discusses extremism and insider threats. The issue of concern is whether a person who holds extremist beliefs will at some point become an insider threat. The identification of an insider threat is highlighted, with the understanding that extremism can occur on the far-right and far-left. The paper observes one feature of extremism is that extremists can become mainstream, mainly when the political climate changes. Several existing laws involving extremism are outlined, understanding that there is no one-size-fits-all explanation for extremism

We introduce the articles selected for publication in this special issue by briefly discussing the nature of insider threats, some major research challenges, and the need for insider threat programs to examine both technical and behavioral indicators of concern.

Ephraim Zimmer, Christian Burkert, Hannes Federrath

The insider threat is often cited as one of the most challenging threats for security practitioners. Even though this topic is receiving considerable attention, two main problems remain unsolved. First, research on insider threats is focusing on many different insiders without being able to actually identify and consistently entitle the key aspects of the insiders. As a result, this research can neither be identified by practitioners as being relevant for their real-world insider problems, nor can it be compared with other research targeting the same insider aspects. Second, a clear understanding of insiders is vital for analysing which insider properties are responsible for the peculiarity of insider threats. In this paper, a systematic approach to dissect the defining aspects of insiders is proposed, which includes specific allocatable insider characteristics. Additionally, the insider characteristics are extended towards insider types, which establish universal and unambiguous names for different insiders, and which are related with each other to form a new and simple insider taxonomy. The new foundations on insiders allow the comparison of different insider research in a structured manner. Furthermore, the new approach facilitates the identification of specific features of insider threats in future work.

Entropy, 2021, Vol 23 (10), pp. 1258
Taher Al-Shehari, Rakan A. Alsowail

Insider threats are malicious acts that can be carried out by an authorized employee within an organization. Insider threats represent a major cybersecurity challenge for private and public organizations, as an insider attack can cause extensive damage to organization assets much more than external attacks. Most existing approaches in the field of insider threat focused on detecting general insider attack scenarios. However, insider attacks can be carried out in different ways, and the most dangerous one is a data leakage attack that can be executed by a malicious insider before his/her leaving an organization. This paper proposes a machine learning-based model for detecting such serious insider threat incidents. The proposed model addresses the possible bias of detection results that can occur due to an inappropriate encoding process by employing the feature scaling and one-hot encoding techniques. Furthermore, the imbalance issue of the utilized dataset is also addressed utilizing the synthetic minority oversampling technique (SMOTE). Well known machine learning algorithms are employed to detect the most accurate classifier that can detect data leakage events executed by malicious insiders during the sensitive period before they leave an organization. We provide a proof of concept for our model by applying it on CMU-CERT Insider Threat Dataset and comparing its performance with the ground truth. The experimental results show that our model detects insider data leakage events with an AUC-ROC value of 0.99, outperforming the existing approaches that are validated on the same dataset. The proposed model provides effective methods to address possible bias and class imbalance issues for the aim of devising an effective insider data leakage detection system.

2021, Vol 1 (2), pp. 1-18
Swini Adikari

Nuclear theft from malicious insiders is a significant threat to Pakistan’s nuclear weapons arsenal. Pakistan is a member of the Convention of the Physical Protection of Nuclear Material (CPPNM), which is an international agreement that adheres to the protection of nuclear materials and the recovery of stolen nuclear materials. However, this agreement does not specifically take into account the risk of security breaches arising from malicious insiders due to Pakistan’s rapidly growing nuclear arsenal. The purpose of this paper is to examine the heightened risk of insider threats in conjunction with Pakistan’s increasing nuclear force structure. The first section of the paper examines the history of the development of Pakistan’s nuclear weapons programme and discusses Pakistan’s current nuclear force structure. The second section examines the international and domestic policies that Pakistan follows to address the issue of insider threats to Pakistan’s nuclear facilities. The final section proposes two policy alternatives to address Pakistan’s growing insider threat risks and outlines how the Design Basis Threat assessment is the most effective solution for Pakistan’s growing insider threat.
