Introduction
An insider threat "is the potential for an insider to harm an organization by leveraging his or her privileged level of knowledge and/or access" (Gelles, 2016, p. 3). Experts classify insider threats as malicious when they involve intentionally exceeding or misusing the access privileges assigned to an individual "in a manner that negatively affected the confidentiality, integrity, or availability of the organization's information or information systems" (Cappelli et al., 2012, p. 294). An unintentional insider threat involves "an individual who is complacent or ignorant about security policies and procedure," (Gelles, 2016, p. 3) which leads to accidental negative effects on the "confidentiality, availability, or integrity of an organization's information or information systems, possibly by being tricked by an outsider's use of social engineering" (Cappelli et al., 2012, p. 354). Ultimately, insider threats have the potential to adversely impact "on any aspect of an organization, including employee and/or public safety, reputation, operations, finances, national security, and mission continuity" (Gelles, 2016, p. 4). Insider fraud and sabotage are among the most common classes of insider threats. The discussion that follows examines these threats in depth.
Insider Fraud Threat
Insider fraud is "an insider's use of IT for the unauthorized modification, addition or deletion of an organization's data (not programs or systems) for personal gain or the theft of information that leads to identity crime" (Cappelli et al., 2012, p. 294). In this context, identity crime means the misappropriation of private or financial identifiers to obtain valuables or facilitate some other illegal activity (Sullivan, 2018).
Patterns of Insider Fraud
Financial gain is the primary reason why perpetrators commit insider fraud (Cappelli et al., 2012). Insiders are usually low-level employees who have easy access to data as part of their job description (Cappelli et al., 2012). As a result, perpetrators of insider fraud are generally staff members doing what they would do on a typical day in the office (Cappelli et al., 2012). Thus, the majority of insider fraud incidents transpire during standard working hours, when the culprit is on-site and can therefore use their access (Cappelli et al., 2012). These factors make it difficult to detect malicious insider activities.
The fraud triangle theory that Donald Cressey developed offers the best explanation of why people commit insider fraud (Cappelli et al., 2012). Cressey proposed that fraudsters are motivated by three factors: pressure to commit fraud, the availability of an opportunity to commit it, and rationalization for committing it (Cappelli et al., 2012).
The pressure to commit insider fraud primarily originates from financial problems. Opportunity arises from favorable conditions that facilitate deception and the violation of trust (Cappelli et al., 2012). Insider fraudsters get their opportunity from the access to information that is typically granted as part of their job. Additionally, the perception that the likelihood of being caught is low enhances the opportunity (Cappelli et al., 2012). Finally, rationalization involves an insider establishing justifications for the decision to commit fraud, as well as the process through which insiders mold their deceitful conduct to fit their personal integrity or flexible moral codes (Cappelli et al., 2012).
Insider fraud usually goes on for an extended period, typically more than a year (Cappelli et al., 2012). During this time, the instigator steals or alters small amounts of data, for instance credit card numbers, Social Security records, and credit history information (Sullivan, 2018). Given that each infraction benefits the insider financially and carries a moderately low chance of detection, rationalizing the decision to carry on with the fraud is easy (Cappelli et al., 2012).
Emerging Form of Insider Fraud
A new form of insider fraud is emerging in which organizations are the beneficiaries. The pressure, justification, and opportunity may originate directly from management (Sullivan, 2018). For instance, in 2016, a scandal regarding fraudulent account opening hit Wells Fargo following the discovery that the company had led its employees to open about 3.5 million fake customer accounts (Sullivan, 2018). The company had implemented a strategy requiring all its sales representatives to meet a quota (Sullivan, 2018). Those who did not meet the quota lost their jobs, while the ones who reached it got bonuses (Sullivan, 2018). As a result, the company supplied its employees with the pressure, opportunity, and rationalization to fraudulently open accounts without its customers' knowledge or authorization (Sullivan, 2018).
Insider IT Sabotage Threat
Insider IT sabotage occurs when "an insider uses IT to direct specific harm at an organization or an individual." Essentially, incidents of insider sabotage include deleting critical data, bringing down systems, or defacing Web sites.
Patterns of Insider IT Sabotage
Insider IT saboteurs are mostly sophisticated users who typically possess advanced technical know-how and have the access, ability, and motivation to execute an attack and also conceal it. They normally carry out the crime to embarrass an organization (Cappelli et al., 2012) by disrupting or terminating business activities (Miller, 2016). Insider IT sabotage is a short-term, one-time crime that could take merely a few minutes to execute. Cappelli et al. (2012) thus describe it as a "big-bang" occurrence "where the insider commits the crime and leaves the organization as fast as he can" (p. 110).
Insiders are generally disgruntled (Collins, 2016) as a result of unmet expectations (Cappelli et al., 2012) and have feelings of perceived injustice against them (Claycomb et al., 2012). Adverse work-related events are the primary reason why saboteurs launch an attack, intending to take revenge on those they hold in contempt (Claycomb et al., 2012). It is common for insiders to plan their actions well in advance of carrying them out (Claycomb et al., 2012). Mostly, insiders hold technical positions within a company (Cappelli et al., 2012). However, unlike insider fraud instigators, the majority of saboteurs prefer remote access when executing the crime. As a result, they usually attack outside working hours (Claycomb et al., 2012).
Computer Forensic Investigation
The US-CERT (2008) defines computer forensics as "the discipline that combines elements of law and computer science to collect and analyze data from computer systems, networks, wireless communications, and storage devices in a way that is admissible as evidence in a court of law" (p. 1). Forensic investigation involves recovering and analyzing concealed (or latent) evidence (US-CERT, 2008). This evidence may include fingerprints left at the crime scene, DNA evidence that forensic investigators recover from blood stains, or files on a hard disk (US-CERT, 2008).
References
Cappelli, D., Moore, A., & Trzeciak, R. (2012). The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud). Addison-Wesley Professional.
Claycomb, W. R., Huth, C. L., Flynn, L., McIntire, D. M., Lewellen, T. B., & Center, C. I. T. (2012). Chronological Examination of Insider Threat Sabotage: Preliminary Observations. JoWUA, 3(4), 4-20.
CNN. (2015, March 22). The danger of digital terrorism [Video file]. Retrieved from https://www.youtube.com/watch?v=j0ABs93ZuW0
Collins, M. (2016). Common sense guide to mitigating insider threats (No. CMU/SEI-2016-TR-015). Carnegie Mellon University, Pittsburgh, PA, United States.
Gelles, M. G. (2016). Insider Threat: Prevention, Detection, Mitigation, and Deterrence. Oxford, England: Butterworth-Heinemann.
Sullivan, P. (2018, September). How insider fraud can be detected and avoided in the enterprise. Retrieved from https://searchsecurity.techtarget.com/tip/How-insider-fraud-can-be-detected-and-avoided-in-the-enterprise
TED. (2014, April 12). Petra Bartosiewicz: What is a terrorist: [Video file]. Retrieved from https://www.youtube.com/watch?v=lell9lE-qnY
TED. (2015, July 7). D. Sivanandhan: Technology and Terrorism [Video file]. Retrieved from https://www.youtube.com/watch?v=epgUnsImO4M
US-CERT. (2008). Computer forensics. Retrieved from US-CERT website: https://www.us-cert.gov/security-publications/computer-forensics
Cite this page
Essay Example on Insider Threats: Malicious or Unintentional?. (2023, Jan 18). Retrieved from https://proessays.net/essays/essay-example-on-insider-threats-malicious-or-unintentional