Inside the Insider Threat

    Experimental Investigation of Demographic Factors Related to Phishing Susceptibility
    (2020-01-07) Li, Wanru ; Lee, James ; Purl, Justin ; Greitzer, Frank ; Yousefi, Bahram ; Laskey, Kathryn
    This paper reports on a simulated phishing experiment targeting 6,938 faculty and staff at George Mason University. The study examined various possible predictors of phishing susceptibility. The focus of the present paper is on demographic factors (including age, gender and position/employment). Since previous studies of age and gender have yielded discrepant results, one purpose of the study was to disambiguate these findings. A second purpose was to compare different types of email phishing exploits. A third objective was to compare the effect of different types of feedback given to those who clicked on one or more of three simulated phishing exploits that were deployed over a three-week period. Our analysis of demographic factors, effects of phishing email content, and effects of repeated exposure to phishing exploits revealed significant age effects, marginally significant gender differences, and significant differences in email type. A multi-level model estimated effects of multiple variables simultaneously.
    Psychological Profiling of Hacking Potential
    (2020-01-07) Gaia, Joana ; Ramamurthy, Bina ; Sanders, George ; Sanders, Sean ; Upadhyaya, Shambhu ; Wang, Xunyi ; Yoo, Chul
    This paper investigates the psychological traits of individuals’ attraction to engaging in hacking behaviors (both ethical and illegal/unethical) upon entering the workforce. We examine the role of the Dark Triad, Opposition to Authority and Thrill-Seeking traits as regards the propensity of an individual to be interested in White Hat, Black Hat, and Grey Hat hacking. A new set of scales was developed to assist in the delineation of the three hat categories. We also developed a scale to measure each subject’s perception of the probability of being apprehended for violating privacy laws. Engaging in criminal activity involves a choice where there are consequences and opportunities, and individuals perceive them differently, but they can be deterred if there is a likelihood of punishment, and the punishment is severe. The results suggest that individuals that are White Hat, Grey Hat and Black Hat hackers score high on the Machiavellian and Psychopathy scales. We also found evidence that Grey Hatters oppose authority, Black Hatters score high on the thrill-seeking dimension and White Hatters, the good guys, tend to be Narcissists. Thrill-seeking was moderately important for White Hat hacking and Black Hat hacking. Opposition to Authority was important for Grey Hat hacking. Narcissism was not statistically significant in any of the models. The probability of being apprehended had a negative effect on Grey Hat and Black Hat hacking. Several suggestions will be made on what organizations can do to address insider threats.
    Introduction to the Minitrack on Inside the Insider Threat
    (2020-01-07) Clark, Jason ; Bishop, Matt ; Greitzer, Frank