Inside the Insider

We present an overview of two major research projects on the role of monetary incentives and psychological traits in attracting individuals to hacking behavior. In the first study, scenarios were developed for five situations to determine if monetary incentives could be used to influence subjects to obtain healthcare information and to release that information. Approximately 35% to 46% of the 523 survey participants indicated that there is a price, ranging from $1,000 to over $10 million, acceptable for violating HIPAA laws. In the second study, 439 subjects completed a survey that identified the psychological traits that contribute to an individual's propensity to participate in White Hat, Grey Hat, or Black Hat hacking. Preliminary results suggest that individuals that are White Hat, Grey Hat and Black Hat hackers score high on the Machiavellian and Psychopathy scales. We also found evidence that Gray Hatters oppose authority, Black Hatters score high on the thrill-seeking dimension, and White Hatters, the good guys, tend to be Narcissists. Our focus on both studies is malicious insider attacks because insiders have the ability to do substantial monetary and reputational damage to the organization. Several suggestions have been made on addressing insider threats. © 1973-2011 IEEE.