Discovering “Insider IT Sabotage” based on human behaviour
Information and Computer Security
ISSN: 2056-4961
Article publication date: 4 June 2020
Issue publication date: 1 October 2020
Abstract
Purpose
Malicious activities conducted by disgruntled employees via an email platform can cause profound damage to an organization, such as financial and reputational losses. This threat is known as an “Insider IT Sabotage” threat. It involves employees misusing their access rights to harm the organization. Events leading up to the attack are not technical but rather behavioural. The problem is that, owing to the high volume and complexity of emails, the risk of insider IT sabotage cannot be diminished with rule-based approaches.
Design/methodology/approach
Malicious human behaviours that insiders within the insider IT sabotage category would possess are studied and mapped to phrases that would appear in email communications. A large email data set is classified according to behavioural characteristics of these employees. Machine learning algorithms are used to identify occurrences of this insider threat type. The accuracy of these approaches is measured.
Findings
It is shown in this paper that suspicious behaviour of disgruntled employees can be discovered by means of machine intelligence techniques. The output of the machine learning classifier depends mainly on the depth and quality of the phrases and behaviour analysis, cleansing and number of email attributes examined. This process of labelling content in isolation could be improved if other attributes of the email data are included, such that a confidence score can be computed for each user.
Originality/value
This research presents a novel approach, showing that a prototype can be created that automates the detection of insider IT sabotage within email systems to mitigate the risk within organizations.
Citation
Michael, A. and Eloff, J. (2020), "Discovering “Insider IT Sabotage” based on human behaviour", Information and Computer Security, Vol. 28 No. 4, pp. 575-589. https://doi.org/10.1108/ICS-12-2019-0141
Publisher: Emerald Publishing Limited
Copyright © 2020, Emerald Publishing Limited