WRIT 2014 - 2nd Workshop on Research for Insider Threat

The threat of damage caused by authorized users, or insiders, is one of the most challenging security issues facing most organizations today. Insiders often attack using authorized access and with actions very similar to non-malicious behavior. Modern insiders are further enabled by immense data storage capabilities, advanced searching algorithms, and the difficulty of building, deploying, and managing comprehensive insider threat monitoring systems. Furthermore, insider attacks can also include those unintentionally enabled by users who fall victim to external attacks such as phishing or drive-by downloads.
Cybersecurity professionals face significant challenges in preventing, detecting, and responding to insider attacks, and often turn to insider threat researchers for answers. Unfortunately, insider threat researchers also face serious barriers to conducting scientifically and operationally valid work, such as access to real-world data and ground-truth about malicious insider activity. Therefore, it is imperative that cybersecurity researchers and professionals work together to find solutions that protect organizations from insider threats. Technical approaches to this problem are emerging, but studies show little significant progress has been made in reducing the actual numbers or impacts of insider attacks. There are two main reasons for the relative lack of success in identifying insider threats:
The problem is not well understood. In addition to the complex challenges surrounding collection, correlation, and detection of technical indicators, researchers must also understand underlying human motivations and behaviors. This is not a traditional area of study for IT security researchers; configuring technical solutions to monitor for human deception is challenging.
Data on insider attacks is difficult to obtain-
Ground truth data: Organizations suffering insider attacks are often reluctant to share data about those attacks publicly. Studies show over 70% of attacks are not reported externally, including many of the most common, low-level attacks. This leads to uncertainty that available data accurately represents the true nature of the problem.
Baseline data: The rate of insider attacks is relatively unknown; furthermore, the behaviors of non-malicious users are also not available in large data sets.
WRIT will highlight the challenges and trends specific to the insider threat problem from multiple viewpoints, such as information technology, behavioral sciences, or criminology. Furthermore, the workshop will review emerging approaches and explore experimental possibilities for measuring the efficacy of proposed solutions. The workshop will be accessible to non-experts interested in learning about the insider threat problem as well as experts interested in learning about new research and approaches.