Technical report | Preventing and Profiling Malicious Insider Attacks
ABSTRACT
This report examines previous research on malicious insiders with particular emphasis on the social and psychological factors that may have influenced the attacker and their behaviours. This research also draws on corresponding studies into fraud and espionage in non-IT scenarios. A range of preventative measures is presented that approach the problem from personnel, policy and technical perspectives. Given the relative scarcity of research into non-technical aspects of malicious insider attacks, further recommendations are also made to study malicious insiders, involving both government and academic stakeholders. Such research has the potential to provide further preventative measures.
EXECUTIVE SUMMARY
Insider threat presents an ever-increasing problem within Australian government agencies and organisations. The financial repercussions, losses in productivity and damage to public and consumer confidence may result in far-reaching negative consequences.
A review of recent literature has revealed that limited research has been conducted into this area. Due to the nature of the problem, previous research has been based on retrospective accounts that examine the details of the insider attacks. However, organisations are often hesitant to reveal details of their experiences with insider attacks.
The aim of this report is to provide specific information about the individuals who commit insider attacks. This includes motivating factors, personality traits and observable behaviours that may assist organisations in the detection and profiling of insiders. In conjunction with this, the identification of technical precursors may prove to be a valuable tool in the detection of an insider threat.
There are certain preventative measures that organisations can implement to improve their overall security and to significantly reduce their chances of becoming targets of insider attacks. For a holistic approach, it is recommended that preventative measures be designed to incorporate three major areas: personnel, policy, and technical aspects.
It is strongly recommended that further research be undertaken within Australia to enhance our understanding of the threat. This may include an analysis of previous attacks to obtain details of any psychological and motivating factors. These factors should also be examined within the incident response to gain insight from information gathered at the time of the attack. Future research should also have an empirical basis to enhance our understanding, which may lead to further preventative measures.