The research provides a method to detect and mitigate the insider threat. Currently insider threat detection is focused only on the malicious person attempting to harm the organization. Most employees seek to assist their employers. Very few people want to hurt the business providing their livelihood. However, many employees take risks (sometimes very serious risks) on the network. We simultaneous help the benevolent employee and detect the malicious one. Our system helps employees by showing them network risks, and helping them decrease the risk. Sometimes risk-taking is worth it; for example, emailing a document to a superior in dire straights using gmail. Sending documents over gmail is risky. Our system helps the employee mitigate the risks they are taking. In the gmail example, our system automatically changes the settings to encrypt the email. Rather than walking through changing setting (which can be intimidating) or just popping up a confusing and technical dialogue box, we just encrypt the email for the employee. Also, in this case our system shows the employee that choosing not to encrypt the email will be very risky. The document (if it is not encrypted) can be seen by anyone on the Internet. An important part of our system is that it treats employees as partners to the organization. At the same time our system detects insiders by watching across the organization for the person taking both large one-time risks and small cumulative risks. This proposal is innovative, and a very different approach than industry uses today.
EAGER: Human-Centered Mitigation of the Insider Threat