attackers which we mostly look to prevent and detect. However, the 2011 Cyber Security Watch Survey insiders exceeded that of what external attackers could have caused. So why aren't we doing more to stop insider threats?

confirmed in 1995 when Power technologies, the insider threat continues to be a growing problem.

the years and these definitions have had to transform with advances in technology. Recently CERT exceeded or misused" to "negatively affect".

activities are committed for revenge, financial or egotistical motivations, the consequences are the same. Damage is caused. This could be in the form of reputational damage, financial implications or physical damage to networks and equipment. Often, the scale of damage caused is even larger than that which could be caused by external attackers, and due to the authorised nature of insiders, it can often be undetected for longer periods of time.

Manning) and Edward Snowden, there is a concern that these detailed reports may expose the loopholes in technology systems which insiders often exploit. This may the simplicity and effectiveness of conducting these detrimental activities.

on social media, could encourage a new type of insider threat, where social media profiles are used for the recruitment of organisations' employees by external groups. Alternatively, the nature of sharing on social media networks may encourage a generation of insider threats who share stolen data with their online network. Therefore, as the workforce becomes saturated with the tech-savvy generation Y, perhaps our concerns shall grow further.

solution available for the prevention and detection of insider threats. Instead there continue to be many niche contributions to the area for both technological and behavioural detection mechanisms, each of which approaches the problem from a different angle. This does not provide complete coverage for detection of the insider threat.
Therefore, my contribution to this area as part of my final year project is the development of a prototype tool, which aims to detect insider threats by relying on artefacts that remain on a Windows host following the malicious activities. The tool is designed to focus on insider threat detection on the host machine alone; functioning to extract Registry data which relates to insider threat activities, to allow for the calculation of the likelihood that the user is an insider threat. The module currently developed for this prototype extracts Registry data regarding USB devices, to understand their activity on the host as they could potentially be utilised to steal or destroy data.

proposed insider threat detection solutions and provide an answer to the question 'what's on the inside?'

2. POWER, R. (1995) Current and Future Danger: A CSI Primer on Computer Crime & Information Warfare. California: Computer Security Institute.

3. CERT (2012) The CERT Insider Threat Center [WWW] CERT. Available from: http://www.cert.org/insider_threat/
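As an added illustration of the USB Registry extraction described in the post (not the author's prototype or its code), the sketch below parses device instance keys under the Windows USBSTOR enumeration key. The post does not name the key it reads, so USBSTOR is an assumption here, and the sample `reg query` output and the function name `parse_usbstor` are constructed for the example.

```python
import re

# Constructed sample: key paths in the form printed by
# `reg query HKLM\SYSTEM\CurrentControlSet\Enum\USBSTOR /s` (values omitted).
SAMPLE_REG_OUTPUT = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR\Disk&Ven_ExampleCo&Prod_FlashDrive&Rev_1.00
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR\Disk&Ven_ExampleCo&Prod_FlashDrive&Rev_1.00\AA00112233445566&0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR\Disk&Ven_Generic&Prod_CardReader&Rev_2.10\7&1a2b3c4d&0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR\Disk&Ven_Generic&Prod_CardReader&Rev_2.10\7&1a2b3c4d&0\Device Parameters
"""

# Matches exactly <device id>\<instance id> below USBSTOR, nothing deeper.
INSTANCE_KEY = re.compile(
    r"\\Enum\\USBSTOR\\(?P<dev>[^\\]+)\\(?P<instance>[^\\]+)$", re.IGNORECASE)


def parse_usbstor(reg_text):
    """Return one record per USB storage device instance found in reg_text."""
    devices = []
    for line in reg_text.splitlines():
        m = INSTANCE_KEY.search(line.strip())
        if not m:
            continue  # device-class keys and deeper subkeys are not instances
        dev_type, *fields = m.group("dev").split("&")
        info = dict(f.split("_", 1) for f in fields if "_" in f)
        instance = m.group("instance")
        # '&' as the second character means the device reported no serial
        # number and Windows generated the ID, so it cannot be tied to one
        # physical device across hosts.
        unique = not (len(instance) > 1 and instance[1] == "&")
        devices.append({
            "type": dev_type,
            "vendor": info.get("Ven", ""),
            "product": info.get("Prod", ""),
            "revision": info.get("Rev", ""),
            # Windows appends a suffix such as "&0" after a reported serial.
            "serial": instance.rsplit("&", 1)[0] if unique else instance,
            "unique_serial": unique,
        })
    return devices


if __name__ == "__main__":
    for record in parse_usbstor(SAMPLE_REG_OUTPUT):
        print(record)
```
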