Organizations Readiness for Insider Attacks

An insider threat is a malicious activity against an organization that comes from users with legitimate access to an organizations network, applications, or databases. Traditionally, organizations have mainly focused on protecting their infrastructure from external security threats. However, as reported by a recent Ponemon institute study [1], insider threats are a growing challenge for organizations as number of insider related incidents have increased by 47% in the last couple of years and organizations have spent an average of $755,000 on each insider-related incident. Typically, insider attacks are difficult to detect as threat users have legitimate access to the organizations infrastructure and data. As a result, usual security products will tag such behaviours as normal and not trigger any alerts. Despite the significance of this area, very little investigation has been conducted on providing solutions to mitigate insider attacks. It is imperative to develop frameworks that can help organizations to evaluate their readiness to protect them from such insider attacks. Evaluating the readiness to manage insider attacks will help organizations to identify their weakness and hence take necessary mitigation steps against such threats. The objective of this research is to propose a readiness model for insider attacks to assist organization in measuring their readiness for insider attacks. To develop this readiness model, a multivocal literature review will be conducted to identify the main knowledge areas and best practices of insider attacks for organizations. Furthermore, we will identify the necessary steps for the implementation of the readiness model to help organizations in quickly adopting the readiness model. A case study approach will be used to assess the readiness model in the real-world environment