Are you a fallible frog or a misbehaving magpie? Perhaps you feel more like a disempowered marionette?
When it comes to the ‘insider threat’ posed to an organisation’s cybersecurity every employee falls into one of seven categories, according to a researcher at the 糖心视频.
The categories have been developed by Dr Karen Renaud, Reader in the Department of Computer & Information Science, working with colleagues from Mississippi State University, Charles Sturt University and Abertay University.
They were created as part of a framework to help organisations better identify and address insider threats – employees who may unwittingly or deliberately cause a damaging breach of computers, software or other information systems.
Practical strategies
The framework identifies seven categories of insider threat, each reflecting distinct behaviours, and offers practical strategies to mitigate these risks:
- Blissfully Ignorant Dodo: Employees unaware of security risks who may unintentionally expose organisations to threats. Mitigation: Retraining and education to build awareness and promote secure practices.
- Fallible Frog: Staff vulnerable to errors due to fatigue, stress, or manipulation. Mitigation: Providing support, addressing burnout, and fostering an understanding of their critical role in maintaining security.
- Disempowered Marionette: Individuals constrained by rigid processes and unprepared for new threats, such as those posed by generative AI. Mitigation: Reducing reliance on inflexible rule-based systems and equipping staff to handle novel challenges.
- Whistleblowing Dolphin: Employees with a strong moral compass who expose unethical behaviours. Mitigation: Encouraging ethical practices and maintaining confidential reporting channels to address issues internally.
- Misbehaving Magpie: Staff driven by curiosity or dissatisfaction who bypass security measures. Mitigation: Monitoring behaviours and ensuring that employees are thoroughly vetted and supported.
- Ideologue Ant: Individuals who are driven by ideology and act deliberately to steal vital secrets or set out to harm organisations for ideological purposes. Mitigation: Ensure that people are thoroughly vetted before being employed and monitor employee behaviours.
- Malicious Mamba: Individuals seeking to harm their organisation, often in retaliation. Mitigation: Implementing technical access controls, monitoring employee activities, and fostering a positive workplace culture to discourage retaliation.
The categories were created based on research published in the and , an extensive literature review and a survey of senior company executives to inform mitigations which align with each different insider threat type.
Utmost importance
A by software company Bitglass found that 61% of companies who responded had suffered an insider threat in the previous 12 months, while a found that 22% of data leaks were caused by employees.
Dr Renaud said: “Society’s reliance on computers and data makes cybersecurity of utmost importance today, and governments and companies are faced with an increasing barrage of threats.
“These threats might come from malicious hackers but equally may originate from inside an organisation, from staff who have legitimate access to all internal data and systems.
It is vital that organisations recognise the threat from within – whether through employees’ lack of understanding and awareness of the threat to cybersecurity or through intentionally malign or ideological acts.
“The categorisation we have developed aims to help organisations understand the different types of insider threat and the actions they can take to reduce this.”
Organisational resilience
The framework underlines the importance of combining employee-focused strategies with technical measures, such as access controls and monitoring, to enhance organisational resilience against insider threats.
Dr Renaud is a member of StrathCyber, the Cyber Security Group at the University, which produces internationally-recognised research into the technical, human, societal and organisational aspects of cybersecurity.
The Group is recognised by GCHQ’s National Cyber Security Centre (NCSC) and the Engineering and Physical Sciences Research Council (EPSRC) as an . Our Graduate Apprenticeship MSc Cyber Security is also accredited by the NCSC.