Visible to the public SBE: Small: Collaborative: Modeling Insider Threat Behavior in Financial Institutions: Large Scale Data AnalysisConflict Detection Enabled

Project Details

Lead PI

Performance Period

Aug 15, 2014 - Jul 31, 2018

Institution(s)

University of Texas at Arlington

Award Number


Insiders pose substantial threats to an organization, regardless of whether they act intentionally or accidentally. Because they usually possess elevated privileges and have skills, knowledge, resources, access and motives regarding internal systems and data, insiders can easily circumvent security countermeasures, steal valuable data, and cause damage. Perimeter and host-based countermeasures like firewalls, intrusion detection systems, and antivirus software are ineffective in preventing and detecting insider threats. Despite the availability of abundant anecdotal information regarding insider threats, research relying on field data to advance understanding of such threats is still lacking. This proposal presents a theoretically driven approach to investigate the risk of insider threat within financial institutions. It will utilize large scale field data from two financial institutions to provide comparison and improve the generalizability of results.

Intellectual Merit: The proposed research will use criminology theories and extend them to the domain of insider threat. It will use both objective log data from the enterprise single sign-on (eSSO) systems and subjective data through surveys and focus groups to understand perceptual characteristics of applications as well as perceptions of employees regarding attractiveness of targets. Thus, this research will be among the first that takes both the technical and human aspects into consideration in investigating victimization risk and attack proneness associated with information assets within financial institutions. In essence, the proposed study will utilize multi methods and multi-source data to establish how information resources can be better protected from misuse and abuse of access privileges. The study will initiate a new perspective for analyzing existing behavioral log data to improve the practice of risk management, which may have a transformative impact in terms of mitigating risks from different user groups and informing interventions to deal with the insider threat problem.

Broader Impact: This multi-disciplinary collaborative project will deepen understanding of insider threat behavior in the context of financial institutions. A PhD student will be funded at each university and the research will result in a few Masters' independent studies in this area as well. The findings of this proposal will be disseminated among the law enforcement task forces, as well as banking organizations. The channels to be employed include workshops with the local InfraGuard program in collaboration with the regional FBI office. The outcomes of the proposal will not only provide an applied understanding of insider threat, but also important implications for risk management applications. It is important to note that the President's Critical Infrastructure Protection Board identified the banking and finance sector as one of the critical infrastructures to be secured. This proposal will help in this regard by having an impact on public policy with respect to regulations for financial institutions. The potential reduction in financial crime as a result would have significant societal benefits.