Abstract

The insider threat has consistently been identified as a key threat to organizations and governments. Understanding the nature of insider threats and the related threat landscape can help in forming mitigation strategies, including non-technical means. In this paper, we survey and highlight challenges associated with the identification and detection of insider threats in both public and private sector organizations, especially those part of a nation’s critical infrastructure. We explore the utility of the cyber kill chain to understand insider threats, as well as understanding the underpinning human behavior and psychological factors. The existing defense techniques are discussed and critically analyzed, and improvements are suggested, in line with the current state-of-the-art cyber security requirements. Finally, open problems related to the insider threat are identified and future research directions are discussed.

Highlights

  • The threats that insiders pose to government organizations, businesses, and institutions continue to be a critical concern

  • The present work aims to extend the knowledge of how the insider threat is expanding and to detail the comprehensive actions required by organizations to address the critical risks it poses

  • As a novel contribution to the literature, we identified the relevance of insider threat to the cyber kill chain and its propagation through different phases

Summary

Introduction

The threats that insiders pose to government organizations, businesses, and institutions continue to be a critical concern. Businesses invest in security defenses to strengthen their networks against outside malicious attacks, yet they fail to deploy protection against potential threats from malicious or compromised insiders. Because insiders have access to valuable information assets that are unavailable to outsiders, the damage resulting from insider attacks can be devastating. These threats are increasing in scale, scope, and sophistication, emphasizing the critical need for organizations to apply current security techniques. Trusted employees are provided with credentials, such as usernames and passwords, that offer a gateway to an organization's information network, meaning that concealment within the infrastructure is effortless [7]. This threat is sophisticated enough to compromise the security principles of confidentiality, integrity, and availability that must be guaranteed by any secure defense system [8]. According to a recent survey, 27% of all cyber crime incidents were attributed to insiders, and 30% of respondents stated that the damage caused by insiders was more severe than the loss caused by external attackers [9].

Context and Scope
Our Contribution
Paper Organization
Understanding the Nature of Insider Threats
Types of Insiders
Goals for Insider Attacks
Attack Vectors and Techniques
Privilege Escalation Techniques
Exfiltration Attacks
Phishing Emails and APTs
Cyber Kill Chain
Reconnaissance
Weaponization
Delivery
Exploitation and Installation
Intrusion and Takeover Complete
Defense Strategies
Definitions of Security Policies Regarding Insider Threats
Pre-Employment and Monitoring Suspicious or Disruptive Behavior
Prevention of Data Exfiltration Methods
Strict Access Controls and Monitoring Policies for Privileged Users
Separation of Duties
Segregation of Duties
Objective
Human Behavioral and Psychological Approaches
Detection by Monitoring Disruptive Behavior
Detection by Automated Tools
Detection by Human Signals
Open Problems Related to the Insider Threat
Collaborative Insider Threat
Insider Threat on Personal Devices
Malicious Insiders in the Cloud Environment
Corporate Insider Threat
Insider Threat in Organizational IT Systems
Combat Insider Threat in Enterprise Business
Insider Threat via Social Engineering
Findings
Conclusions