Although reports of hacks carried out from within organizations make the news each year, it still comes as a surprise to many that a longtime employee, former employee, or trusted business partner could be responsible for cyberattacks on a company. But it shouldn’t. According to a 2018 study by the Ponemon Institute, a research center dedicated to privacy, data protection, and information security policy, insiders are responsible for at least 50 percent of data breaches, and insider crimes cost organizations more than other types of cybercrime, at an average of nearly $9 million per organization annually.
Illinois Tech researcher Eunice Santos, the Ron Hochsprung Endowed Chair, chair of the Department of Computer Science, and professor of computer science, is leading a project in which computer models identify valid insider threats and assess the type of threat an insider presents. Santos is working with John Korah, research assistant professor of computer science; Ph.D. students Vairavan Murugappan and Suresh Subramanian; and researchers at Dartmouth College.
A former senior research fellow of the United States Department of Defense’s Center for Technology & National Security Policy, Santos has done extensive prior work in socio-cultural computer modeling. She and her team proposed a framework composed of eight distinct insider threat types identified by measuring three important individual qualities: predictability, susceptibility, and awareness.
For the initial model of insider predictability, for example, Santos’s group examined four categories of bias: socio-cultural (arising from age, gender, education, and other factors), emotional, situational, and social network. The group found that bias can both increase and decrease predictability and, as such, is not a good indicator of predictability. The paper “Modeling Insider Threat Types in Cyber Organizations” detailing the group’s initial findings appears in the 2017 IEEE International Symposium on Technologies for Homeland Security (HST).
Further refining the model’s eight insider threat types and investigating their relationships to observable malicious insider behavior are among the next steps researchers plan to take in the project.