An Empirical Examination of Insider Threat Revenge Behaviors for Analyzing High Risk Insiders Exhibiting Subclinical Psychopathic Traits

Date
2017
Authors
Maasberg, Michele
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract

Insider threats are one of the most critical information systems (IS) security concerns, and the high-risk statistics have remained steady over the last five years. The problem is likely to continue, since the predominant security approach to insider threat prevention has been technical systems development, and most incidents involve privilege abuse. That is, insiders continue to successfully subvert technical prevention measures. Accordingly, there has been a growing call for behavioral information security research regarding insiders. However, the insider threat problem has been most often examined in the context of general information security policy non-compliance and in the context of theories that do not fully account for individual differences of malicious insiders.

This study examines insider threat behaviorally through the lens of Revenge Theory that was used to investigate the impact of insiders who exhibit the Dark Triad personality trait of subclinical psychopathy on insider threat revenge behavior, while examining the impact of organization-based self-esteem, blame attribution, and resentment in mediating those relationships. In addition, this research tests the hypothesis that individuals who engage in revenge have a higher set of technological skills, by testing whether computer self-efficacy impacts those relationships. Finally, this research tests the hypotheses that both an ego threat and an administrative deterrent security control intensify the relationship, by examining their moderating influences.

A mixed methods approach involving two studies was employed to answer the research questions of interest and to empirically test the proposed model. The use of different methods and different sources of subjects permits the triangulation of results, and provides an opportunity to examine the robustness of results. An experimental vignette study was first conducted with Amazon Mechanical Turk with a non-student, adult, employed population to determine responses to treatment conditions. A second, a laboratory experiment was conducted with student respondents to measure actual behavior as well as to establish causal inference. The data was analyzed using structural equation modeling. The results suggested that individuals exhibiting subclinical psychopathic traits are more likely to commit insider threat revenge, particularly in the presence of an ego threat. Contrary to what was hypothesized, the results show that deterrent security controls decrease the likelihood of an incident in the presence of individuals who exhibit this trait, as well as the fact that insiders who commit revenge tend to be less skilled in technology. The findings also provide insight into the cognitive and emotional processes that occur surrounding an insider threat revenge incident.

Overall, this research advances our understanding of the relationships between certain individual differences, specifically subclinical psychopathy, and the propensity to commit insider threat revenge, particularly in the presence of an ego threat. The results have strong theoretical and practical implications for IS security practices in organizations.

Description
This item is available only to currently enrolled UTSA students, faculty or staff.
Keywords
Cyber security, Ego threat, Insider threat, IT Sabotage, Revenge Theory
Citation
Department
Information Systems and Cyber Security