Page 104 - Data Science class 11
P. 104
newsfeed, to see if that impacted what the users post back. The newsfeed was curated with the purposeful intention
to see if that ultimately impacted the way a user interacted with the rest of the network. Was the consent taken from
the users before conducting this experiment? The answer to this is “No”.
There must be a universal framework for what companies can and cannot do with the data they collect from people,
as it is necessary to follow Data Ethics.
One of the reasons why ethical norms are necessary in research: Norms promote knowledge, truth, and avoidance of
error. For example, they prohibit fabricating, falsifying, or misrepresenting research data to promote the truth, and
reduce error or flaws.
1.5 insiDEr anD oUtsiDEr thrEats
Employees, former employees, contractors, business partners, or vendors—anyone with legitimate access to an
organisation’s networks and systems, who deliberately exfiltrate data for personal gain or accidentally leak sensitive
information, could be a threat. Let us now learn, what the two kinds of threats are:
1.5.1 What is an insider threat?
The National Institute of Standards and Technology (NIST of USA), Special Publication 800-53, defines an insider
as “an entity with authorised access that has the potential to harm an information system or enterprise through
destruction, disclosure, modification of data, and/or denial of service.” NIST promotes U.S. innovation and industrial
competitiveness by promoting measurement science, standards, and technology in ways that enhance economic
security and upgrade our quality of life.
Employees know all the ins and outs of a company’s infrastructure and cybersecurity tools. Hundreds of malicious
and inadvertent insider attacks have already occurred, that had unwarrantedly harmed companies. Apart from such
attacks often leading to financial and reputational losses, such losses may even ruin a company’s business.
Insider attacks are particularly threatening for three reasons:
• Insiders act maliciously most of the times. That’s why it’s harder to detect their harmful activities than it is to detect
external attacks.
• Insiders know flaws in an organisation’s cybersecurity.
• Insiders know the location and nature of sensitive data they can misuse.
Insiders cause enormous threat to a company’s data, even though they are not always deliberately a threat.
Sources of Insider Threat
Three major sources of insider threats are:
• Negligent or inadvertent user
• Criminal or malicious insider
• User credential theft
Here ‘user’ is anyone who has authorised access to an organisation’s sensitive data: employees, system administrators,
third-party contractors, etc. They can misuse that access to carry out an insider attack.
Distinct Types of Insiders
• The Malicious Insider: Malicious Insiders are the ones who intentionally steal data. It could be an employee or
contractor who may exfiltrate valuable information (like Intellectual Property (IP), Personally Identifiable Information
(PII), or financial information), to gain financial incentive or a competitive edge. A malicious insider may also be the
one who holds a grudge for being let go or furloughed.
• The Negligent Insider: Negligent insiders are ordinary employees who have made a mistake. It could be an employee
who might have sent an email containing sensitive data to the wrong person, emailed company data to personal
accounts to complete some work during the weekend, fallen prey to a phishing or spear phishing attack, or lost their
work device.
102 Touchpad Data Science-XI

