FITRE: A Feasibility Assessment of Using Insider Threat Indicators in Remote Work Environments
Remote workers are those with access to their employers’ resources despite not being physically on the site of their employer. Examples of remote workers include teleworkers, telecommuters, workers who intermittently work from home, and employees who work at the sites of other (often sensitive) organizations with limited contact with their employer (i.e., contractors). In this research study, the MITRE team identified how the risk of insider threat in remote working is likely to be affected by both behavioral and technical vulnerabilities at specific stages of insider attacks. The team recommends research and practical efforts to enable government and industry to deter, detect, and mitigate the risk posed by this under-researched attack vector. The research is based on the scientific feasibility assessment from three completed efforts:
- Interviews with government and industry subject matter experts in insider threat, information security, cyber detection, cyber offense, and remote workers
- An environmental scan and synthesis of behavioral sciences research into factors that typify remote work environments (e.g., anonymity)
- A limited test and evaluation of technical vulnerabilities on a live network
The work is timely because government and industry are at a crux point where remote working is being expanded by some but restricted by others. There is no data-driven understanding of the risk and mitigations because no prior research has explicitly considered the role of insider threat in remote working environments, and the statistics identifying real insider attacks in those environments are poor. The work uniquely considers the interaction between the behavioral (i.e., the human element) and technical sciences, given that insider threat is the product of behavioral and technical vulnerabilities/effects.