A Closer Look at Insider Threat Research

Open Access
Conference Proceedings
Authors: Ivan Kong, Masooda Bashir

Abstract: Insider threats are a danger to organizations everywhere, and no organization is immune to the effects of an insider incident. Organizations suffer from individuals whose actions expose the organization to risk or harm in some way. This includes insiders who intentionally or unintentionally take actions that bring harm or significantly increase risk to the organization. Insider security breaches have been identified by organizations as a pressing problem with no simple solution. This paper presents a systematic literature review of published, scholarly articles on insider threat research from 2010 to 2020. The focus of this literature review is to survey the topics, methodologies, and theories of current insider threat research. The goal of this literature review is to provide an overview of the trends in insider threat research. Fifty-two studies were identified, and about half of the papers dealt with identifying potential insiders through machine learning techniques. The most popular trend was the use of learning-based algorithms, such as neural networks and support vector machines, that classified a user as an insider versus a non-insider. Aside from the popular modeling approach, the other publications included in our review focused on human factors related to insider threat, and the common methodology for these papers was the use of surveys and questionnaires. Another trend identified in the literature was the use of behavioral patterns as an insider threat indicator. Lastly, researchers identified best practices for organizations to address insider threats. The outcome of this literature review identified trends, best practices, and knowledge that can be used to further develop insider threat frameworks and methodologies. Furthermore, this literature review presents implications for researchers, including challenges, issues, and future research directions.

Keywords: insider threat, cybersecurity, human factors, unintentional insider, intentional insider

DOI: 10.54941/ahfe1002198
