Sharing or Non-sharing Credentials: A Study of What Motivates People to Be Malicious Insiders

摘要

The problem of an insider threat is a serious concern within organizations. It has been said that the weakest link in information security is the human element. Various causes of insider threats have been hypothesized. However, because there are so many potential causes of malicious insider threats, which factor has the greatest influence in inducing such threats remains unclear. In this paper, we focus on the most significant factor: sharing credentials. The objective of our study is to clarify the influence on the occurrence of malicious activities based on whether a credential is shared and whether a login ID is used. We conducted an experiment on a crowdsourcing service, Crowdworks, Inc., consisting of 198 participants to examine human behavior when attempting to perform malicious activities. Our results show that a non-indicated login ID has a statistically significant effect.