{"id":135,"date":"2020-12-04T14:31:40","date_gmt":"2020-12-04T14:31:40","guid":{"rendered":"https:\/\/gustavs.se\/intra\/?p=135"},"modified":"2020-12-08T15:23:38","modified_gmt":"2020-12-08T15:23:38","slug":"what-are-insider-threats","status":"publish","type":"post","link":"https:\/\/gustavs.se\/intra\/what-are-insider-threats\/","title":{"rendered":"What are insider threats?"},"content":{"rendered":"\n<p>Insider threats are mainly studied from two different perspectives in academia: cyber security research and intelligence research. These two perspectives intersect as both explore questions of security and information. Scholars researching intelligence, counterintelligence and national security perspectives of insiders and insider threats refer to studies in cyber security<span id='easy-footnote-1-135' class='easy-footnote-margin-adjust'><\/span><span class='easy-footnote'><a href='https:\/\/gustavs.se\/intra\/what-are-insider-threats\/#easy-footnote-bottom-1-135' title='e.g. Bell, A. J.C., Rogers, B. M. &amp;amp; Pearce, J. M., (2019), \u201cThe insider threat: Behavioral indicators and factors influencing likelihood of intervention\u201d &lt;em&gt;International Journal of Critical Infrastructure Protection&lt;\/em&gt;, vol. 24, March 2019, Pages 166-176, &lt;a href=&quot;https:\/\/doi.org\/10.1016\/j.ijcip.2018.12.001&quot;&gt;DOI&lt;\/a&gt;'><sup>1<\/sup><\/a><\/span> and vice versa <span id='easy-footnote-2-135' class='easy-footnote-margin-adjust'><\/span><span class='easy-footnote'><a href='https:\/\/gustavs.se\/intra\/what-are-insider-threats\/#easy-footnote-bottom-2-135' title='e.g. Mundie, D. A. Perl, S. &amp;amp; Huth, C. L. 
(2013), &amp;#8220;Toward an Ontology for Insider Threat Research: Varieties of Insider Threat Definitions&amp;#8221;, &lt;em&gt;Third Workshop on Socio-Technical Aspects in Security and Trust&lt;\/em&gt;, &lt;a href=&quot;https:\/\/doi.org\/10.1109\/STAST.2013.14&quot;&gt;DOI&lt;\/a&gt;'><sup>2<\/sup><\/a><\/span>.<\/p>\n\n\n\n<p>The lack of a standard definition of \u201cinsider threats\u201d and \u201cinsiders\u201d has been a problem in research, as Mundie, Perl &amp; Huth <span id='easy-footnote-3-135' class='easy-footnote-margin-adjust'><\/span><span class='easy-footnote'><a href='https:\/\/gustavs.se\/intra\/what-are-insider-threats\/#easy-footnote-bottom-3-135' title='Mundie, D. A. Perl, S. &amp;amp; Huth, C. L. (2013), &amp;#8220;Toward an Ontology for Insider Threat Research: Varieties of Insider Threat Definitions&amp;#8221;, &lt;em&gt;Third Workshop on Socio-Technical Aspects in Security and Trust&lt;\/em&gt;, &lt;a href=&quot;https:\/\/doi.org\/10.1109\/STAST.2013.14&quot;&gt;DOI&lt;\/a&gt;'><sup>3<\/sup><\/a><\/span> noted when they explored 42 different definitions of the terms. Their own definition of the term \u201cinsider threat\u201d reads as follows:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote\"><p><em>Current or former employee, contractor, or other business partner who has or had authorized access to an organization\u2019s network, system, or data and intentionally exceeded or misused that access in a manner that negatively affected the confidentiality, integrity, or availability of the organization\u2019s information or information systems.<\/em><\/p><cite>Mundie, Perl &amp; Huth, 2013, <a href=\"https:\/\/doi.org\/10.1109\/STAST.2013.14\" target=\"_blank\" rel=\"noopener\">DOI<\/a><\/cite><\/blockquote>\n\n\n\n<p>This definition equates \u201cinsider threat\u201d with \u201cinsider\u201d, as harm has already been done. 
In contrast, others describe a threat as \u201ca set of circumstances that has the potential to cause loss or harm\u201d <span id='easy-footnote-4-135' class='easy-footnote-margin-adjust'><\/span><span class='easy-footnote'><a href=\"https:\/\/gustavs.se\/intra\/what-are-insider-threats\/#easy-footnote-bottom-4-135\" title=\"Pfleeger, C. P., Lawrence Pfleeger, S., Margulies, J., 2015, \u201cSecurity in Computing\u201d, ed. 5, &lt;em&gt;Pearson Education, Inc.&lt;\/em&gt;, &lt;a href=&quot;https:\/\/www.pearson.com\/us\/higher-education\/program\/Pfleeger-Security-in-Computing-5th-Edition\/PGM25284.html&quot;&gt;URL&lt;\/a&gt;, p. 5\"><sup>4<\/sup><\/a><\/span>. People who have already caused harm, i.e. threats that have realized (at least some of) their harmful potential, are referred to simply as \u201cinsiders\u201d<span id='easy-footnote-5-135' class='easy-footnote-margin-adjust'><\/span><span class='easy-footnote'><a href=\"https:\/\/gustavs.se\/intra\/what-are-insider-threats\/#easy-footnote-bottom-5-135\" title=\"Pfleeger, C. P., Lawrence Pfleeger, S., Margulies, J., 2015, \u201cSecurity in Computing\u201d, ed. 5, &lt;em&gt;Pearson Education, Inc.&lt;\/em&gt;, &lt;a href=&quot;https:\/\/www.pearson.com\/us\/higher-education\/program\/Pfleeger-Security-in-Computing-5th-Edition\/PGM25284.html&quot;&gt;URL&lt;\/a&gt;, p. 498\"><sup>5<\/sup><\/a><\/span> and their actions as \u201cinsider acts\u201d. Deliberate actions with the intent to cause harm are described as \u201cinsider attacks\u201d<span id='easy-footnote-6-135' class='easy-footnote-margin-adjust'><\/span><span class='easy-footnote'><a href=\"https:\/\/gustavs.se\/intra\/what-are-insider-threats\/#easy-footnote-bottom-6-135\" title=\"Pfleeger, C. P., Lawrence Pfleeger, S., Margulies, J., 2015, \u201cSecurity in Computing\u201d, ed. 
5, &lt;em&gt;Pearson Education, Inc.&lt;\/em&gt;, &lt;a href=&quot;https:\/\/www.pearson.com\/us\/higher-education\/program\/Pfleeger-Security-in-Computing-5th-Edition\/PGM25284.html&quot;&gt;URL&lt;\/a&gt;, p. 844\"><sup>6<\/sup><\/a><\/span>, and their perpetrators as \u201cmalicious insiders\u201d, whilst human threats without intent to cause harm are defined as benign or non-malicious<span id='easy-footnote-7-135' class='easy-footnote-margin-adjust'><\/span><span class='easy-footnote'><a href=\"https:\/\/gustavs.se\/intra\/what-are-insider-threats\/#easy-footnote-bottom-7-135\" title=\"Pfleeger, C. P., Lawrence Pfleeger, S., Margulies, J., 2015, \u201cSecurity in Computing\u201d, ed. 5, &lt;em&gt;Pearson Education, Inc.&lt;\/em&gt;, &lt;a href=&quot;https:\/\/www.pearson.com\/us\/higher-education\/program\/Pfleeger-Security-in-Computing-5th-Edition\/PGM25284.html&quot;&gt;URL&lt;\/a&gt;, p. 42\"><sup>7<\/sup><\/a><\/span>. With this definition of the term, Pfleeger, Lawrence Pfleeger &amp; Margulies identify benign insiders as the most common kind of harmful insider in computer security: \u201cThe vast majority of harm from insiders is not malicious; it is honest people making honest mistakes\u201d<span id='easy-footnote-8-135' class='easy-footnote-margin-adjust'><\/span><span class='easy-footnote'><a href=\"https:\/\/gustavs.se\/intra\/what-are-insider-threats\/#easy-footnote-bottom-8-135\" title=\"Pfleeger, C. P., Lawrence Pfleeger, S., Margulies, J., 2015, \u201cSecurity in Computing\u201d, ed. 5, &lt;em&gt;Pearson Education, Inc.&lt;\/em&gt;, &lt;a href=&quot;https:\/\/www.pearson.com\/us\/higher-education\/program\/Pfleeger-Security-in-Computing-5th-Edition\/PGM25284.html&quot;&gt;URL&lt;\/a&gt;, p. 5\"><sup>8<\/sup><\/a><\/span>. 
A similar term is \u201cunintentional insider threat (UIT)\u201d, describing those \u201cwhose actions unintentionally expose the organizations to risk\u201d<span id='easy-footnote-9-135' class='easy-footnote-margin-adjust'><\/span><span class='easy-footnote'><a href=\"https:\/\/gustavs.se\/intra\/what-are-insider-threats\/#easy-footnote-bottom-9-135\" title=\"Greitzer, F.L., Strozer, J.R., Cohen, S., Moore, A.P., Mundie, D. &amp;amp; Cowley, J., 2014, \u201cAnalysis of Unintentional Insider Threats Deriving from Social Engineering Exploits\u201d, &lt;em&gt;2014 IEEE Security &amp;amp; Privacy Workshops&lt;\/em&gt;, p. 236, &lt;a href=&quot;https:\/\/doi.org\/10.1109\/SPW.2014.39&quot;&gt;DOI&lt;\/a&gt;\"><sup>9<\/sup><\/a><\/span>.<\/p>\n\n\n\n<p><em>(<a href=\"https:\/\/www.flickr.com\/photos\/fineplan\/9260107262\" target=\"_blank\" rel=\"noopener\">Photo<\/a> by <a href=\"https:\/\/www.flickr.com\/photos\/fineplan\/\" target=\"_blank\" rel=\"noopener\">fine_plan<\/a>, Flickr)<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Insider threats are mainly studied from two different perspectives in academia: cyber security research and intelligence research. These two perspectives intersect as both explore questions of security and information. Scholars researching intelligence, counterintelligence and national security perspectives of insiders and insider threats refer to studies in cyber security and vice versa . 
The lack of [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":140,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[7],"tags":[],"_links":{"self":[{"href":"https:\/\/gustavs.se\/intra\/wp-json\/wp\/v2\/posts\/135"}],"collection":[{"href":"https:\/\/gustavs.se\/intra\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gustavs.se\/intra\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gustavs.se\/intra\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/gustavs.se\/intra\/wp-json\/wp\/v2\/comments?post=135"}],"version-history":[{"count":3,"href":"https:\/\/gustavs.se\/intra\/wp-json\/wp\/v2\/posts\/135\/revisions"}],"predecessor-version":[{"id":149,"href":"https:\/\/gustavs.se\/intra\/wp-json\/wp\/v2\/posts\/135\/revisions\/149"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/gustavs.se\/intra\/wp-json\/wp\/v2\/media\/140"}],"wp:attachment":[{"href":"https:\/\/gustavs.se\/intra\/wp-json\/wp\/v2\/media?parent=135"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gustavs.se\/intra\/wp-json\/wp\/v2\/categories?post=135"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gustavs.se\/intra\/wp-json\/wp\/v2\/tags?post=135"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}