Dissertation/Thesis Abstract

Examination of Insider Threats: A Growing Concern
by Hartline, Cecil L., Jr., M.S., Utica College, 2017, 72; 10687276
Abstract (Summary)

The National Infrastructure Advisory Council (NAIC) reports that "...preventing all insider threats is neither possible nor economically feasible..." because the threat is already behind perimeter defenses and often know exactly where vulnerabilities exist within organizations (Cline, 2016). The purpose of this research was to determine the prevalence of malicious and unintentional insider threats. Statistically, the numbers support the idea that insider threats are increasing and occurring more frequently. The true numbers, which only account for the incidents that were reported, may be higher than originally expected. The statistical numbers are likely to much higher because organizations fear reputational damage and client loss. Organizations give reasons such as not enough evidence for conviction or too hard to prove guilt. The result of the paper indicates that companies focus most of their resources on external threats and not the insider threat that is costlier to remediate and considered the most damaging of all threats. The research focuses on malicious and unintentional insider threats and how they are different. A 2018 Crowd Research Partners report found 90% of organizations believe they are vulnerable to insider attacks, while 53% of businesses confirmed they had experienced an insider threat in the past 12 months (Crowd Research Partners, 2017a). The insider threat is hard to manage because an organization not only need worry about their own employees they also must monitor and manage third-party vendors, partners, and contractors. However, with a combination of technical and nontechnical solutions, including an insider threat program, companies can detect, deter, prevent or at least reduce the impacts of insider threats. Abstract The National Infrastructure Advisory Council (NAIC) reports that "...preventing all insider threats is neither possible nor economically feasible..." because the threat is already behind perimeter defenses and often know exactly where vulnerabilities exist within organizations (Cline, 2016). The purpose of this research was to determine the prevalence of malicious and unintentional insider threats. Statistically, the numbers support the idea that insider threats are increasing and occurring more frequently. The true numbers, which only account for the incidents that were reported, may be higher than originally expected. The statistical numbers are likely to much higher because organizations fear reputational damage and client loss. Organizations give reasons such as not enough evidence for conviction or too hard to prove guilt. The result of the paper indicates that companies focus most of their resources on external threats and not the insider threat that is costlier to remediate and considered the most damaging of all threats. The research focuses on malicious and unintentional insider threats and how they are different. A 2018 Crowd Research Partners report found 90% of organizations believe they are vulnerable to insider attacks, while 53% of businesses confirmed they had experienced an insider threat in the past 12 months (Crowd Research Partners, 2017a). The insider threat is hard to manage because an organization not only need worry about their own employees they also must monitor and manage third-party vendors, partners, and contractors. However, with a combination of technical and nontechnical solutions, including an insider threat program, companies can detect, deter, prevent or at least reduce the impacts of insider threats.

Indexing (document details)
Advisor: Riddell, Christopher, Corbo, Duane
Commitee:
School: Utica College
Department: Cybersecurity
School Location: United States -- New York
Source: MAI 57/02M(E), Masters Abstracts International
Source Type: DISSERTATION
Subjects: Behavioral psychology, Information Technology, Information science
Keywords: Business email compromise, Cybersecurity, Insider threats, Phishing, Social engineering
Publication Number: 10687276
ISBN: 9780355541595
Copyright © 2019 ProQuest LLC. All rights reserved. Terms and Conditions Privacy Policy Cookie Policy
ProQuest