| Cybersecurity practitioners are able to change organizational attitudes toward potentially expensive insider threat program components by shifting from traditional, security-based reasoning to identifying inefficiency and reducing costs. The intent of this research was to evaluate existing countermeasures used against malicious insiders to determine how detection, deterrence and mitigation strategies can be enhanced. An evaluation of the approach used by major insider threat research efforts was conducted; resulting in the discovery of significant discrepancies between governmental, academic and professional understandings of this problem. This paper identified techniques that can be used to shape the workplace environment to combat insider threats by combining the efforts of cybersecurity professionals and the human resources and legal departments of an organization. It also revealed ways that additional data feeds can be incorporated into detection methods, such as those obtained through the collection of open source intelligence and through practices such as positive social engineering. This paper concluded by addressing what an organization can do to defend itself against insider threats through the application of current legal standards to existing agreements. Refinements in the approach used to detect, deter and mitigate the actions of insider threats are warranted. Businesses can realize reduced operating costs by adapting institutional policies and procedures against malicious insider threats through the application of creative and flexible countermeasures. |
PDF Full Text Request