
Protocols and Standards of Insider Threat: Issues and challenges


ISSN 2348-1196 (print) International Journal of Computer Science and Information Technology Research ISSN 2348-120X (online) Vol. 8, Issue 1, pp: (32-37), Month: January - March 2020, Available at: www.researchpublish.com

¹Latifa Hussaini, ²Jamaludin Ibrahim

¹,²Faculty of Information and Communication Technology, International Islamic University Malaysia

Abstract: Threats from insiders within corporations are a serious problem, since it is very challenging to distinguish them from benign activity. In this paper, we discuss and describe various types of insider threats. Next, we discuss the related work on insider threat mitigation using both technical and non-technical approaches. It is found that tackling insider threat requires both technical and non-technical approaches to enable qualified detection of threats and seems to lose importance an IT infrastructure is used in performing insider attacks.

Keywords: Insider threat, Cyber security, Insider threat mitigation.

1. INTRODUCTION

Remotely hosted cloud services are used by 80 percent of organizations, and a greater number of them depend on computers in every aspect of their daily operation [1]. Most administrators have begun to centralize citizens' information in large data service centers, while the citizens themselves also rely on cloud computing to store their confidential data. All this makes data theft simpler. Most decision-makers in governments and companies concentrate on external cyber-attacks such as denial of service, viruses, Trojan horses, worms, unauthorized access, etc. To protect organizations' networks from external attacks, 10 percent of the IT budget has been used. However, recent evidence shows that both external and insider threats are notable [1], while the harm caused by insider threats is greater than that of outsider attacks [2]. This means that anyone who has the authorization to access an organization's data assets poses a more serious threat than any other security threat. The costliest form of attack is the insider attack, which costs $8.76 million according to the 2018 Ponemon Institute report [3]. This is because the insider has knowledge of the organization's processes and access to the employer's assets. This comes about because such an individual has had the trust of the organization and has been supplied with authorized access, so that it is possible to bypass all physical and electronic security measures. However, the number of insider threat incidents has continued to increase to a high extent. According to an insider threat report, 70% of organizations observed that insider attacks have become more frequent over the last 12 months. 60% have experienced one or more insider attacks within the last 12 months [4], but a study shows that more than 70% of these incidents usually go unreported and are handled internally [5].

1.1 What is an Insider Threat?

To understand the definition of an insider threat, we must know what an insider is. An insider "is a person that has been legitimately empowered with the right to access, represent, or decide about one or more assets of the organization's structure" [6]; put simply, an individual who has authorized access to an organization's network, system, or data. A threat refers to anything that has the potential to cause serious harm or damage to an organization's IT systems or assets. An insider threat is a malicious threat to an organization that comes from people within the organization, such as:
a) employees (privileged users, such as IT team members and superusers)
b) knowledge workers and those who have had authorized access to the company's IT assets (analysts, developers, resigned or terminated employees)
c) employees involved in a merger or acquisition
e) third parties such as vendors, contractors, partners.
