ABSTRACT:
Malicious insiders continue to pose a great threat to organizations. With their knowledge of and access to organizational resources, malicious insiders could launch attacks more easily than outsiders, and those attacks could result in more damaging impacts. However, empirical research about malicious insiders is rare due to the unavailability of data. With few exceptions, existing studies focus on a small number of cases. In order to identify common characteristics of a large number of malicious insiders, this study employs text mining to analyze 133 real-world cases of offenders from military units, intelligence agencies, and business organizations, using data available to the public. The contributions of this study are twofold: first, we use public data from documented malicious insider cases, which suggests a potentially valuable data source for future studies in this domain; second, we validate malicious insider characteristics identified in previous research, thereby establishing a foundation for more comprehensive research in the future.
Key words and phrases: data classification, insider attacks, insider threat, malicious insider, text mining