Differentiating Insider and Outsider Cyberattacks on Businesses

TR Number

Date

2023-08-01

Journal Title

Journal ISSN

Volume Title

Publisher

Springer Nature

Abstract

The use of information and communication technologies in business has opened several new ways for employees to commit cybercrimes against their employers. Utilizing opportunity theory, the current paper investigates the characteristics of businesses victimized by employee-committed cyberattacks and compares insider- and outsider-committed cybercrime in terms of the damage they cause to the business. We used online sampling to obtain information on 350 businesses in the Commonwealth of Virginia, revealing 29 outsider cases and 17 insider attacks that were clearly identified. We found that insider attacks were more costly, resulting in more damage than external attacks; the most frequent attack type was impersonating the organization online for insiders, and viruses, spyware, and malware for outsiders. Our data suggested restricting personal devices, making cybersecurity a priority, cybersecurity updates among management, and employee training do not significantly lessen the risk or mitigate the effects of insider attacks. We suggest that organizational security culture must be refined and strengthened to identify and prevent insider attacks successfully.

Description

Keywords

insider cyberattack, businesses, opportunity theory, cost, harm

Citation