Visible to the public Curiosity Killed the Organization: A Psychological Comparison Between Malicious and Non-Malicious Insiders and the Insider Threat

TitleCuriosity Killed the Organization: A Psychological Comparison Between Malicious and Non-Malicious Insiders and the Insider Threat
Publication TypeConference Paper
Year of Publication2016
AuthorsDupuis, Marc, Khadeer, Samreen
Conference NameProceedings of the 5th Annual Conference on Research in Information Technology
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-4453-1
Keywordscompliance, compositionality, cyber security, expandability, governance, human factors, insider threat, intentional acts, malicious insiders, non-malicious insiders, organizational security, personality, psychological factors, pubcrawl, Resiliency, risk management, trait affect, unintentional acts

Insider threats remain a significant problem within organizations, especially as industries that rely on technology continue to grow. Traditionally, research has been focused on the malicious insider; someone that intentionally seeks to perform a malicious act against the organization that trusts him or her. While this research is important, more commonly organizations are the victims of non-malicious insiders. These are trusted employees that are not seeking to cause harm to their employer; rather, they misuse systems-either intentional or unintentionally-that results in some harm to the organization. In this paper, we look at both by developing and validating instruments to measure the behavior and circumstances of a malicious insider versus a non-malicious insider. We found that in many respects their psychological profiles are very similar. The results are also consistent with other research on the malicious insider from a personality standpoint. We expand this and also find that trait negative affect, both its higher order dimension and the lower order dimensions, are highly correlated with insider threat behavior and circumstances. This paper makes four significant contributions: 1) Development and validation of survey instruments designed to measure the insider threat; 2) Comparison of the malicious insider with the non-malicious insider; 3) Inclusion of trait affect as part of the psychological profile of an insider; 4) Inclusion of a measure for financial well-being, and 5) The successful use of survey research to examine the insider threat problem.

Citation Keydupuis_curiosity_2016