Events

In spite of the potential harm insider attacks can have on an organisation, insider threat is still an under-researched area – especially within the social sciences. This is, in part, because organisations are reluctant to report incidents externally and collecting case studies of insider attacks is resource intensive. This talk sets out a conceptual model for insider threat, based on 99 case studies of insider attacks that took place in the UK. The study involved interviewing investigators, heads of security, IT specialists, law enforcement, security officers, human resource managers, line managers and co-workers who were familiar with the insider. A grounded theory approach was employed to analyse the data and develop a conceptual model. The model considers indicators (both physical and cyber) that might be monitored in an insider risk detection programme as well as how the data could be collected. The model also elucidates potential deterrence and prevention strategies for organisations to consider. Finally, it is argued here that any insider threat prevention and/or detection programme needs to consider the ethical, social acceptability and legal constraints, especially when monitoring employees (for physical or cyber behaviours).