DeepSec 2016 Talk: Insider Threat: Profiling, Intent and Motivations of White Collar Offenders – Ulrike Hugl

Sanna/ October 31, 2016/ Conference, Security

Malicious insider threat is not only a security- or technical-oriented issue, mainly it’s a behavioural one, says Prof. Ulrike Hugl. Insiders are so-called ‘trusted’ or privileged employees, very often with legitimate access to the organization’s systems, and they are hard to catch. Furthermore, it is difficult to find appropriate predictive factors and prevention and detection measures.

In fact, based on new technical developments and opportunities, data theft has become much easier these days: Mobile trends like BYOD, the increased ability to work from home, access to the organization’s systems when on the road, cloud services with related security vulnerabilities for example, as well as more and more malware opportunities have increased the potential of related attacks. Other main security obstacles and trigger factors inside and outside an organization may be, to name a few, a companies poor market performance and fear of job loss, internal (security-related) budget constraints, the complexity of the internal (IT) environment, competing priorities, a lack of top-level direction and leadership, as well as a lack of awareness training, … the list goes on and on.
Anyway, current studies in the field show that malicious insider threat is an increasing crucial issue for companies and governmental institutions. Beside the mentioned dependence on ICT, new attack forms and collaborations with third parties (for example social engineers and/or hackers) are on the rise.

In her talk Professor Hugl will focus on the current state of insider threat,on motivational and behavioural aspects as well as on current profiles of malicious insiders based on the newest available data. The emphasis on characteristics of malicious insiders is crucial, but one should also be aware of the fact that in many cases of attacks boundaries between insiders and outsiders are blurred. Her talk will close with some starting points for organizational insider threat prevention management. We asked Prof.  Hugl some questions beforehand.

Please tell us the top 5 facts about your talk.

  • Insider threat seems to be a hidden risk within organizations.
  • Nevertheless, current studies show that companies estimate they are at risk.
  • When it comes to Insider threat various motivational issues and (sometimes) also neutralization strategies play a crucial role on the personal level; on the organizational level we have to consider opportunity factors, the ‘tone at the top’ and its misuse, which negativly supports sub cultures.
  • New technological developments are triggering organizational vulnerabilities 
  • And: Boundaries of insiders and outsiders are becoming blurred in many cases of current attacks.

 How did you come up with it? Was there something like an initial spark that set your mind on creating this talk?

An initial point was my work at the University of St. Gallen. There, I think it was about in 2002, first initiatives in the field of Internet of Things(IoT)-applications and related IoT-research labs came up. At that early state of research, in my impression, the focus of thoughts was mainly on the technological side and what’s achievable in developing new business models with sustainable profit. To me IoT was more than impressing, but also triggering many open questions: What does IoT mean for business, for individuals, for society? How will it change our world? My impression was that most researchers did not really think about aspects like privacy-by-design for consumers/users or even information security-related aspects for organizations. For me this was the starting point for research in the field of new or (potentially) upcoming technologies, related aspects of data protection and (potential) impacts on the whole field of organizational information security.

Why insider threat? First, it’s related to organizational information security. Second, it’s a very interesting topic because diverse fields are involved: from technology, personnel management (like trainings, leadership, and behavior of peers), the organizational structure (f.ex. internal whistleblowing systems, counterespionage departments, coordination and control), the external environment of an organization (market development, etc.), to interesting theories and research results from criminology and others disciplines. All in all, and that’s a big point, a human’s behavior is hard to predict. Humans do have their characteristics, their personal environment and their own specific situation inside the organization – and such issues can play a triggering role in conducting misuse.
To summarize, insider threat is – depending on your point of view and the topic you are looking on – blurring the boundaries between various scientific disciplines. Therefore, for me, dealing with this topic is fascinating!

 Why do you think this is an important topic?

As just mentioned, to protect an organization’s intellectual property and crucial assets, diverse factors have to be considered: personal, organizational, and behavioral factors or indicators to find useful starting points for the prevention and detection of malicious acting of so-called ‘trusted employees’. Current studies show a clear tendency: Insider threat continues to pose the most crucial threat to organizations everywhere. In 2015, more than the half or even up to 60 percent of all attacks were carried out by malicious insiders. And, as many cases show, such offenders may cause substantial reputational or financial losses.

 Is there something you want everybody to know – Some good advice for our readers maybe?

It’s hard to think of your staff as a potential ‘threat’. Nevertheless, we have to learn that not all our employees have only good intentions. These days we know about diverse starting points, which enable us more and more to ‘walk in an offender’s shoes’. Furthermore, we know about various individual motivational factors as well as organizational and environmental triggers for fraud and misconduct.

I am looking forward to give you an impression of the current state of research and threat potential in the field, but also perhaps some new thoughts and ideas to implement some measures inside your organization.

A prediction about the future – what do you think will be the next innovations or future downfalls when it comes to particularly your field of expertise / the topic of your talk?

From the organizational point of view, in the field of insider threat, the crucial challenge is to find a balance between trust and suspicion when building up related counter-measures. This is sometimes hard and seems like ‘crying for the moon’. But, we all know things are in progress and will further develop.

Another last aspect: Some research is done in all mentioned scientific fields, but more effort is needed to deal with it in a more systematic way and we need much more researchers dealing with this topic. In economic and social sciences, the topic is not really known and far from ‘mainstream’. Within these disciplines traditional research is currently mainly still focused on established and traditional fields of expertise, often with a narrow research focus. However, insider threat and related issues like economic crime and industrial espionage should also be taken into account and being established inside traditional research institutions. They should be treated as very relevant issues for further theoretical innovation and specific managerial implications.


hugl1Prof. Ulrike Hugl is senior scientist and lecturer at the University of Innsbruck (School of Management), Department of Accounting, Auditing and Taxation. She is a member of various scientific committees of international conferences and reviews several journals. Her research mainly focuses on new technologies and their impact on information security and data protection of organizations, as well as on occupational/corporate crime (especially insider threat) and industrial espionage issues.

Share this Post

1 Comment

Comments are closed.