The Insider Threat: Reasons, Effects and Mitigation Techniques

Tsiostas, Dimitrios; Kittes, George; Chouliaras, Nestoras; Kantzavelou, Ioanna; Μαγλαράς, Λέανδρος; Douligeris, Christos; Vlachos, Vasileios

doi:10.1145/3437120.3437336

Cited by 7 publications

(5 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Insider Threat: Tsiostas et al [2] define an insider threat as someone who has an organization's credentials and permissions and acts in a way that harms the organization.…”

Section: Definitions Dendrogrammentioning

confidence: 99%

“…According to Morgan [1], the expected 2023 annual global cost of cybercrime is approximately $11 trillion. A particular concern for cybersecurity is the "insider threat," defined by Tsiostas et al [2] as an individual who has authorized access to organizational assets and information and who acts either maliciously or accidentally in a manner that negatively affects the organization. According to the Ponemon Institute [3], the average cost to resolve all insider threat activities was $15,380,000 per company.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Create the Taxonomy for Unintentional Insider Threat via Text Mining and Hierarchical Clustering Analysis

Baugher,

2024

EJECE

View full text Add to dashboard Cite

The unintentional activities of system users can jeopardize the confidentiality, integrity, and assurance of data on information systems. These activities, known as unintentional insider threat activities, account for a significant percentage of data breaches. A method to mitigate or prevent this threat is using smart systems or artificial intelligence (AI). The construction of an AI requires the development of a taxonomy of activities. The literature review focused on data breach threats, mitigation tools, taxonomy usage in cybersecurity, and taxonomy development using Endnote and Google Scholar. This study aims to develop a taxonomy of unintentional insider threat activities based on narrative descriptions of the breach events in public data breach databases. The public databases were from the California Department of Justice, US Health and Human Services, and Verizon, resulting in 1850 examples of human errors. A taxonomy was constructed to specify the dimensions and characteristics of objects. Text mining and hierarchical cluster analysis were used to create the taxonomy, indicating a quantitative approach. Ward’s agglomeration coefficient was used to ensure the cluster was valid. The resulting top-level taxonomy categories are application errors, communication errors, inappropriate data permissions, lost media, and misconfigurations.

show abstract

“…Insider Threat: Tsiostas et al [2] define an insider threat as someone who has an organization's credentials and permissions and acts in a way that harms the organization.…”

Section: Definitions Dendrogrammentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Create the Taxonomy for Unintentional Insider Threat via Text Mining and Hierarchical Clustering Analysis

Baugher,

2024

EJECE

View full text Add to dashboard Cite

show abstract

“…Incorrect or overly permissive access decisions leave companies vulnerable to insider threats. A malicious or careless insider can harm an organization severely, with consequences spanning from unintentional incidents to sabotage, fraud or espionage (Tsiostas et al, 2020). In contrast, overly restrictive access decisions prevent employees from doing their work, leading to costly interruptions in operations and task backlogs.…”

Section: Introductionmentioning

confidence: 99%

“…In contrast, overly restrictive access decisions prevent employees from doing their work, leading to costly interruptions in operations and task backlogs. Recent studies estimate that the average annual cost of insider threats for companies reach $11.45 million in 2020 (Gilbert, 2021;Tsiostas et al, 2020). The implementation of effective Identity and Access Management (IAM) measures, which follow the principle of least privilege (Horne, 2011), is hence mandated by major regulatory frameworks and IT security standards 1 .…”

Section: Introductionmentioning

confidence: 99%

Optimization of Access Control Policies

Kern¹,

Baumer²,

Groll³

et al. 2022

Journal of Information Security and Applications

View full text Add to dashboard Cite

“…This feature also introduces the humanoids to passive attacks like reconnaissance and non-invasive attacks like spoofing, jamming, blinding, and so on [49]. Other potential sources of attacks on social humanoids include the human element [50] and the AI system [51]. In this context, a current challenge is inadequate knowledge of the threat actors, attack surface, and threat landscape for social robots in public spaces.…”

Section: Introductionmentioning

confidence: 99%

A Systematic Review on Social Robots in Public Spaces: Threat Landscape and Attack Surface

et al. 2022

View full text Add to dashboard Cite

There is a growing interest in using social robots in public spaces for indoor and outdoor applications. The threat landscape is an important research area being investigated and debated by various stakeholders. Objectives: This study aims to identify and synthesize empirical research on the complete threat landscape of social robots in public spaces. Specifically, this paper identifies the potential threat actors, their motives for attacks, vulnerabilities, attack vectors, potential impacts of attacks, possible attack scenarios, and mitigations to these threats. Methods: This systematic literature review follows the guidelines by Kitchenham and Charters. The search was conducted in five digital databases, and 1469 studies were retrieved. This study analyzed 21 studies that satisfied the selection criteria. Results: Main findings reveal four threat categories: cybersecurity, social, physical, and public space. Conclusion: This study completely grasped the complexity of the transdisciplinary problem of social robot security and privacy while accommodating the diversity of stakeholders’ perspectives. Findings give researchers and other stakeholders a comprehensive view by highlighting current developments and new research directions in this field. This study also proposed a taxonomy for threat actors and the threat landscape of social robots in public spaces.

show abstract

The Insider Threat: Reasons, Effects and Mitigation Techniques

Cited by 7 publications

References 11 publications

Create the Taxonomy for Unintentional Insider Threat via Text Mining and Hierarchical Clustering Analysis

Create the Taxonomy for Unintentional Insider Threat via Text Mining and Hierarchical Clustering Analysis

Optimization of Access Control Policies

A Systematic Review on Social Robots in Public Spaces: Threat Landscape and Attack Surface

Contact Info

Product

Resources

About