Cybersecurity ‘insider threats’ fall into seven categories, says researcher

Are you a fallible frog or a misbehaving magpie? Perhaps you feel more like a disempowered marionette? When it comes to the ‘insider threat’ posed to an organization’s cybersecurity, every employee falls into one of seven categories, according to a researcher at the University of Strathclyde.

The categories have been developed by Dr. Karen Renaud, Reader in the Department of Computer & Information Science, working with colleagues from Mississippi State University, Charles Sturt University and Abertay University.

They were created as part of a framework to help organizations better identify and address insider threats—employees who may unwittingly or deliberately cause a damaging breach of computers, software or other information systems.

Practical strategies

The framework identifies seven categories of insider threat, each reflecting distinct behaviors, and offers practical strategies to mitigate these risks:

• Blissfully Ignorant Dodo: Employees unaware of security risks who may unintentionally expose organizations to threats. Mitigation: Retraining and education to build awareness and promote secure practices.
• Fallible Frog: Staff vulnerable to errors due to fatigue, stress, or manipulation. Mitigation: Providing support, addressing burnout, and fostering an understanding of their critical role in maintaining security.
• Disempowered Marionette: Individuals constrained by rigid processes and unprepared for new threats, such as those posed by generative AI. Mitigation: Reducing reliance on inflexible rule-based systems and equipping staff to handle novel challenges.
• Whistleblowing Dolphin: Employees with a strong moral compass who expose unethical behaviors. Mitigation: Encouraging ethical practices and maintaining confidential reporting channels to address issues internally.
• Misbehaving Magpie: Staff driven by curiosity or dissatisfaction who bypass security measures. Mitigation: Monitoring behaviors and ensuring that employees are thoroughly vetted and supported.
• Ideologue Ant: individuals who are driven by ideology and act deliberately to steal vital secrets or set out to harm organizations for ideological purposes. Mitigation: Ensure that people are thoroughly vetted before being employed and monitor employee behaviors.
• Malicious Mamba: Individuals seeking to harm their organization, often in retaliation. Mitigation: Implementing technical access controls, monitoring employee activities, and fostering a positive workplace culture to discourage retaliation.

The categories were created based on research published in Information & Management and Computer Fraud & Security, an extensive literature review and a survey of senior company executives to inform mitigations which align with each different insider threat type.

Utmost importance

A 2020 survey by software company Bitglass found that 61% of companies who responded had suffered an insider threat in the previous 12 months, while a 2022 report from cybersecurity firm Kaspersky found that 22% of data leaks were caused by employees.

Dr. Renaud said, “Society’s reliance on computers and data makes cybersecurity of utmost importance today, and governments and companies are faced with an increasing barrage of threats.

“These threats might come from malicious hackers but equally may originate from inside an organization, from staff who have legitimate access to all internal data and systems.

“The categorization we have developed aims to help organizations understand the different types of insider threat and the actions they can take to reduce this.”

The framework underlines the importance of combining employee-focused strategies with technical measures, such as access controls and monitoring, to enhance organizational resilience against insider threats.