Faculty & Research
The School

Cyber Security inside and out

Cyber Security inside and out: Protecting businesses from the threat within

Cyber-attacks are constantly part of the news. What is often overlooked is that the fastest growing sources of cyber-attacks are insiders. Insiders may be employees, contractors, cloud providers or part of a company’s supply chain. But they all share one feature:  they have authorized access – at some level – to the organization’s digital assets. Recent attacks on the NSA, Target and Neiman Marcus were all perpetrated via insider channels.

Research summary

These incidents are grossly under-reported (~1%). In large, public cases they are forced into the open, but a myriad of less public incidents happen every day. Insider damage is usually more significant because of the actors often have high access levels, with the potential to strike at the heart of the enterprise – and cause serious damage. Insiders may be unwitting, coerced or independently malicious. Unwitting insiders may be duped, for example, by scattering company-branded USB sticks around the car park, or leaving a CD with “Compensation Data” around an office is enough to tempt at least someone to load a hidden infection into their systems. Phishing attacks, through plausible email, can allow even vigilant employees exposed to a RAT attack (Remote Access Trojans allow people from anywhere in the world to take control of your computer.  

The move to “Bring Your Own Device” (BYOD) to work is often very appealing – even demanded - by employees. But from a security point of view this tide can drill a huge hold in security systems. An estimated 12 million mobile devices are unknowingly infected with malware. Coerced insiders are often blackmailed through romance scams, or embarrassing issues they are dealing with. Social media are mined to provide targets for such attacks. Social media itself is a source of insider danger as it has blurred the distinction between work and private lives, often leaking precious intellectual property. Malicious insiders (often with outside collaborators) come with a range of motivations: fraud, theft of data, sabotage (often for revenge), hacktivism, terrorism or warfare.

The purpose of this research was to investigate news ways of mitigating insider threats, using technical, managerial and educational tools. The cross-university research team primarily from the Business School and the School of Computer Science developed prototype monitoring software, educational materials and management frameworks all of which were designed to defend against cyber-insider threats.

Their unique approach was to combine cyber technology, psychology, criminology, visual analytics, enterprise operations management and executive education expertise. Whilst helping to identify ways for businesses to prevent future inside attacks, they were also developing education and dissemination materials, and strategies to maximize the insight generated by this research in a way that is accessible and effective with company boards. The team worked closely with the government sponsor – the Centre for the Protection of the National Infrastructure (part of MI5) – to keep the research well-grounded, practical and alert to new and clandestine threats.

Read the online published research

Upton, David M. and Sadie Creese. "The Danger from Within," Harvard Business ReviewSeptember 2014.


Download the poster

Oxford Saïd authors

David Upton, Saïd Business School