TY - JOUR
T1 - Towards protecting organisations’ data by preventing data theft by malicious insiders
AU - Al-Harrasi, Abir
AU - Shaikh, Abdul Khalique
AU - Al-Badi, Ali
N1 - Publisher Copyright:
© 2020, Emerald Publishing Limited.
PY - 2021/8/17
Y1 - 2021/8/17
N2 - Purpose: One of the most important Information Security (IS) concerns nowadays is data theft or data leakage. To mitigate this type of risk, organisations use a solid infrastructure and deploy multiple layers of security protection technology and protocols such as firewalls, VPNs and IPsec VPN. However, these technologies do not guarantee data protection, and especially from insiders. Insider threat is a critical risk that can cause harm to the organisation through data theft. The main purpose of this study was to investigate and identify the threats related to data theft caused by insiders in organisations and explore the efforts made by them to control data leakage. Design/methodology/approach: The study proposed a conceptual model to protect organisations’ data by preventing data theft by malicious insiders. The researchers conducted a comprehensive literature review to achieve the objectives of this study. The collection of the data for this study is based on earlier studies conducted by several researchers from January 2011 to December 2020. All the selected literature is from journal articles, conference articles and conference proceedings using various databases. Findings: The study revealed three main findings: first, the main risks inherent in data theft are financial fraud, intellectual property theft, and sabotage of IT infrastructure. Second, there are still some organisations that are not considering data theft by insiders as being a severe risk that should be well controlled. Lastly, the main factors motivating the insiders to perform data leakage activities are financial gain, lack of fairness and justice in the workplace, the psychology or characteristics of the insiders, new technologies, lack of education and awareness and lack of management tools for understanding insider threats. Originality/value: The study provides a holistic view of data theft by insiders, focusing on the problem from an organisational point of view. Organisations can therefore take into consideration our recommendations to reduce the risks of data leakage by their employees.
AB - Purpose: One of the most important Information Security (IS) concerns nowadays is data theft or data leakage. To mitigate this type of risk, organisations use a solid infrastructure and deploy multiple layers of security protection technology and protocols such as firewalls, VPNs and IPsec VPN. However, these technologies do not guarantee data protection, and especially from insiders. Insider threat is a critical risk that can cause harm to the organisation through data theft. The main purpose of this study was to investigate and identify the threats related to data theft caused by insiders in organisations and explore the efforts made by them to control data leakage. Design/methodology/approach: The study proposed a conceptual model to protect organisations’ data by preventing data theft by malicious insiders. The researchers conducted a comprehensive literature review to achieve the objectives of this study. The collection of the data for this study is based on earlier studies conducted by several researchers from January 2011 to December 2020. All the selected literature is from journal articles, conference articles and conference proceedings using various databases. Findings: The study revealed three main findings: first, the main risks inherent in data theft are financial fraud, intellectual property theft, and sabotage of IT infrastructure. Second, there are still some organisations that are not considering data theft by insiders as being a severe risk that should be well controlled. Lastly, the main factors motivating the insiders to perform data leakage activities are financial gain, lack of fairness and justice in the workplace, the psychology or characteristics of the insiders, new technologies, lack of education and awareness and lack of management tools for understanding insider threats. Originality/value: The study provides a holistic view of data theft by insiders, focusing on the problem from an organisational point of view. Organisations can therefore take into consideration our recommendations to reduce the risks of data leakage by their employees.
KW - Data leakage
KW - Data security
KW - Data theft
KW - Insiders
KW - Organizations’ data
KW - Threat
UR - http://www.scopus.com/inward/record.url?scp=85112697158&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85112697158&partnerID=8YFLogxK
UR - https://www.mendeley.com/catalogue/da6d5666-bcbc-3b8a-a519-11bd4f7cf297/
U2 - 10.1108/ijoa-01-2021-2598
DO - 10.1108/ijoa-01-2021-2598
M3 - Article
AN - SCOPUS:85112697158
SN - 1934-8835
VL - 31
SP - 875
EP - 888
JO - International Journal of Organizational Analysis
JF - International Journal of Organizational Analysis
IS - 3
ER -