ND Expert: WikiLeaks points out danger of insider threats to information security

Dec 07, 2010

Even as WikiLeaks faces increasing public outcry over security breaches, potential prosecution of its founder and crippling cyber-attacks, there are probably more information leaks to come, says information security expert John D’Arcy, assistant professor of information technology management at the University of Notre Dame.

The reason has to do with the fact that organizations haven’t paid enough attention to their greatest security threats – their employees.

“The recent WikiLeaks incident is no fluke, and certainly points to the increasing insider threat to ,” says D’Arcy. “Although sentiment has begun to shift, organizations have traditionally approached information security with a technological focus through investment in firewalls, network detection systems and monitoring technologies. However, these technologies are useless against the motivated insider who wants to damage the organization by leaking sensitive information.”

Even prior to WikiLeaks, studies found that data breaches are costly problems for U.S. companies – about $3.5 billion in opportunity costs and remedial actions for the nearly 500 incidences reported in 2009, according to Ponemon Institute. If consumer losses and an estimate of unreported breaches are figured in, the cost of data breaches ratchets into the tens, if not hundreds of billions of dollars, according to a United Nations report.

Perhaps most surprising, the study also found that three-quarters of all U.S. data breaches are due to insiders at the organization. Only about 24 percent of all breaches studied involved some sort of criminal or other malicious act.

D’Arcy’s research examines whether awareness of a company’s security policies influences the employee’s perceived threat of punishment, and whether this perception in turn reduces incidences of information being used inappropriately.

“In terms of dealing with the insider threat, organizations need to realize that information security is a management issue – not just a technical issue – that requires a coordinated approach,” says D’Arcy. “Security experts are now suggesting that IT personnel start working with human resources and other functional areas to look for behavioral signs ahead of time that could prevent insider security incidents.”

For example, D’Arcy says, data indicates that a significant number of insider security incidents are perpetrated by disgruntled workers who have publicly expressed their angst via social media (wikis, blogs, Facebook and so on). “I expect to see a rise in employee ‘profiling’ as a mechanism to combat the insider security threat,” he adds.

As a side note, D’Arcy points out that the WikiLeaks incident also underscores the potential damage, beyond financial damage, that can accrue from an information security breach. “For example, the WikiLeaks leaked news that the U.S. government accused the Chinese government of large scale attacks on several U.S. businesses – including Google, Adobe and Intel – last January. To date, the Chinese government has denied this claim; however, the WikiLeaks incident may certainly cause tension between the U.S. and other nations such as China.”

D’Arcy’s study, “User Awareness of Security Countermeasures and Its impact on Information Systems Misuse: A Deterrent Approach,” co-authored with Anat Hovav of Korea University Business School and Dennis Galletta of the University of Pittsburgh, was published in the March 2009 edition of Information Systems Research.

Explore further: Privacy groups take 2nd hit on license plate data

add to favorites email to friend print save as pdf

Related Stories

Modern society made up of all types

Nov 04, 2010

Modern society has an intense interest in classifying people into ‘types’, according to a University of Melbourne Cultural Historian, leading to potentially catastrophic life-changing outcomes for those typed – ...

Unions make both members and nonmembers happier

Nov 05, 2010

It’s no coincidence that American workers have never been more dissatisfied with their jobs, and labor unions’ membership keeps dropping, according to a new study co-authored by University of Notre Dame political scienti ...

New report calls for family-security insurance

Dec 06, 2010

(PhysOrg.com) -- Researchers at Berkeley Law and Georgetown Law have released a blueprint for a national insurance program -- which would replace wages when people need to take time off for health and care-giving. ...

Consumer confidence hits five-year high in Michigan

Oct 27, 2010

(PhysOrg.com) -- Despite Michigan’s continued economic malaise, residents’ optimism about the future is at its highest in nearly five years, according to Michigan State University’s latest State of the State ...

Satisfying job leads to better mental health

Oct 14, 2010

(PhysOrg.com) -- If you want to have good mental health, it’s not enough to just have a job, you should also have a job that satisfies you, according to new research from The Australian National University. ...

Recommended for you

Privacy groups take 2nd hit on license plate data

Sep 19, 2014

A California judge's ruling against a tech entrepreneur seeking access to records kept secret in government databases detailing the comings and goings of millions of cars in the San Diego area via license plate scans was ...

Scots' inventions are fuel for independence debate

Sep 17, 2014

What has Scotland ever done for us? Plenty, it turns out. The land that gave the world haggis and tartan has produced so much more, from golf and television to Dolly the Sheep and "Grand Theft Auto."

White House backs use of body cameras by police

Sep 16, 2014

Requiring police officers to wear body cameras is one potential solution for bridging deep mistrust between law enforcement and the public, the White House said, weighing in on a national debate sparked by the shooting of ...

Chinese city creates cellphone sidewalk lane

Sep 15, 2014

Taking a cue from an American TV program, the Chinese city of Chongqing has created a smartphone sidewalk lane, offering a path for those too engrossed in messaging and tweeting to watch where they're going.

Coroner: Bitcoin exchange CEO committed suicide

Sep 15, 2014

A Singapore Coroner's Court has found that the American CEO of a virtual currency exchange committed suicide earlier this year in Singapore because of work and personal issues.

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

Roland
5 / 5 (1) Dec 07, 2010
If you treat your employees as disposable, that's most likely how they will treat your business. And no employee is more disposable than a soldier, especially enlisted ranks.