
Abstract

This chapter discusses the threat arising from within the organisation, whether from negligence, malice, or exploitation by an external party. The trusted insider is one of the greatest challenges facing organisations today. The analysis considers the balance to be struck between allowing insiders access and privileges to show trust and increase productivity, and securing that access at the cost of good will and with an increased risk of workarounds being found, placing vulnerabilities at the heart of an organisation’s policies and processes. The tactics of social engineering and exploitation of human psychology to compromise or completely bypass technical and procedural security measures are considered, along with the effectiveness of training and the difficulties of raising cultural awareness of security on a long-term basis in a rapidly changing technological landscape.


Notes

  1. The use of solutions or systems by individuals or groups within an organisation outside the oversight of a governing IT or cyber security function, more common and often seen as inevitable within large organisations.

  2. Files or information designed to appeal to a malicious party, often with dummy sensitive information. In more advanced implementations the files may have dynamically generated watermarking such that individuals will be linked to unique files, making investigation a simple process.

  3. A synthetic behavioural model of a person or other entity used to predict behaviour, whether predicting drug interactions in medical research or purchasing patterns in online shopping.

  4. Augmented Reality is the use of technology to enhance the real world using technologies such as digital overlays to provide contextual information, or to insert artificial digitally generated 3D objects into a real-time landscape.

  5. Using wearable or implanted technology to enhance the capabilities of a human.


Author information

Corresponding author

Correspondence to James Bore.

Copyright information

© 2020 Springer Nature Switzerland AG

About this chapter

Cite this chapter

Bore, J. (2020). Insider Threat. In: Jahankhani, H., Kendzierskyj, S., Chelvachandran, N., Ibarra, J. (eds) Cyber Defence in the Age of AI, Smart Societies and Augmented Humanity. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-030-35746-7_19

  • DOI: https://doi.org/10.1007/978-3-030-35746-7_19

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-35745-0

  • Online ISBN: 978-3-030-35746-7

  • eBook Packages: Computer Science, Computer Science (R0)
