A primer on insider threats in cybersecurity

Abstract

ABSTRACT Though human factors are increasingly being acknowledged as a contributor to cybersecurity incidents, this domain is not widely understood by those in technical and applied disciplines. Humans can be influenced, are not always rational or predictable, and must be studied through psychology rather than technology. Consequently, this domain may represent uncharted territory for the technical practitioner leaving many promising areas of research and practice unexplored. This paper provides a broad primer on human factors in cybersecurity, specifically focusing on the threat posed by organizational insiders. We emphasize the pivotal role that users play in determining overall system security and aim to introduce non-experts to this field, stimulating new interest in this intersection of humans and computers.