A critical reflection on the threat from human insiders - its nature, industry perceptions, and detection approaches

Jason R.C. Nurse, Philip A. Legg, Oliver Buckley, Ioannis Agrafiotis, Gordon Wright, Monica Whitty, David Upton, Michael Goldsmith, Sadie Creese

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearchpeer-review

20 Citations (Scopus)

Abstract

Organisations today operate in a world fraught with threats, including "script kiddies", hackers, hacktivists and advanced persistent threats. Although these threats can be harmful to an enterprise, a potentially more devastating and anecdotally more likely threat is that of the malicious insider. These trusted individuals have access to valuable company systems and data, and are well placed to undermine security measures and to attack their employers. In this paper, we engage in a critical reflection on the insider threat in order to better understand the nature of attacks, associated human factors, perceptions of threats, and detection approaches. We differentiate our work from other contributions by moving away from a purely academic perspective, and instead focus on distilling industrial reports (i.e., those that capture practitioners' experiences and feedback) and case studies in order to truly appreciate how insider attacks occur in practice and how viable preventative solutions may be developed.

Original languageEnglish
Title of host publicationHuman Aspects of Information Security, Privacy, and Trust - Second International Conference, HAS 2014, Held as Part of HCI International 2014, Proceedings
PublisherSpringer-Verlag London Ltd.
Pages270-281
Number of pages12
ISBN (Print)9783319076195
DOIs
Publication statusPublished - 2014
Externally publishedYes
EventInternational Conference on Human Aspects of Information Security, Privacy, and Trust 2014 - Heraklion, Crete, Greece
Duration: 22 Jun 201427 Jun 2014
Conference number: 2nd
https://link.springer.com/book/10.1007/978-3-319-07620-1

Publication series

NameLecture Notes in Computer Science
PublisherSpringer
Volume8533
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

ConferenceInternational Conference on Human Aspects of Information Security, Privacy, and Trust 2014
Abbreviated titleHAS 2014
Country/TerritoryGreece
CityHeraklion, Crete
Period22/06/1427/06/14
Internet address

Keywords

  • detection approaches
  • human factors
  • insider threats
  • survey reports
  • technical and psychological indicators

Cite this