Abstract
There is an increased need for information systems to be protected against unauthorized access and retrieval, particularly from legitimate ‘insider’ outsourced employees. While most studies have focused on organisations’ employees as threats, only a few have focused on the role the outsourced employees’ play as a potential threat. The study seeks to investigate the insider threat behaviour of an outsourced employee in developing countries as security threats to information systems by virtue of their privileged access. The study is quantitative and adopts social bond and involvement theories for this purpose. The research sample was chosen from organisations in Nigeria and South Africa which are the largest two national economies in Africa. Close-ended questionnaires were used and the data were analysed using factor analysis. The study found that outsourced employees exploit information systems vulnerabilities because they are not actively involved in the organisation and lack moral values and beliefs. The findings of this study will assist organisations in developing countries to mitigate the information security threats posed by outsourced employees.
D. Oyebisi and K. Njenga—Behaviour of Outsourced Employees as Sources of Information System Security Threats: Proceedings of AsiaUSEC’20, Financial Cryptography and Data Security 2020 (FC). February 14, 2020 Kota Kinabalu, Sabah, Malaysia Springer, 2020.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Aldawood, H., Skinner, G.: Reviewing cyber security social engineering training and awareness programs—pitfalls and ongoing issues. Future Internet 11(3), 73 (2019)
AlHogail, A.: Design and validation of information security culture framework. Comput. Hum. Behav. 49, 567–575 (2015)
Babu, B.M., Bhanu, M.S.: Prevention of insider attacks by integrating behaviour analysis with risk based access control model to protect cloud. Procedia Comput. Sci. 54, 157–166 (2015)
Bamforth, R.: How to free your business and staff with self-service, computer weekly, pp. 16–19 (2015)
Bajkowski, J.: CBA Netbank app error causes mistaken multiple payments, iTnews (2019). https://www.itnews.com.au/news/cba-netbank-app-error-causes-mistaken-multiple-payments-530665. Accessed 6 Sept 2019
Baracaldo, N., Joshi, J.: An adaptive risk management and access control framework to mitigate insider threats. Comput. Secur. 39, 237–254 (2013)
Borgese, A., Pascoe, N.: Outsourcing 2019—Laws and Regulations—Australia—ICLG. International Comparative Legal Guides International Business Reports. https://iclg.com/practice-areas/outsourcing-laws-and-regulations/australia. Accessed 1 Sept 2019
Breeden, J.: Are Careless Insiders the Biggest Federal Cyber Threat?. NextGov.com, USA (2017)
Buchtel, E.E.: Cultural sensitivity or cultural stereotyping? Positive and negative effects of a cultural psychology class. Int. J. Intercult. Relat. 39, 40–52 (2014)
Daniel, J.: Sampling Essentials: Practical Guidelines for Making Sampling Choices. Sage, Los Angeles (2012)
Devece, C., Palacios-Marqués, D., Pilar Alguacil, M.: Organizational commitment and its effects on organizational citizenship behavior in a high-unemployment environment. J. Bus. Res. 69(5), 1857–1861 (2016)
Dhillon, G., Syed, R., Pedron, C.: Interpreting information security culture: an organizational transformation case study. Comput. Secur. 56, 63–69 (2016)
Dini, G., Lopriore, L.: Password systems: design and implementation. Comput. Electr. Eng. 47, 318–326 (2015)
Eivazi, K.: Computer use monitoring and privacy at work. Comput. Law Secur. Rev. 27(5), 516–523 (2011)
Esmaeilpour, M., Ranjbar, M.: Investigating the impact of commitment, satisfaction, and loyalty of employees on providing high-quality service to customer. Rom. Econ. Bus. Rev. 12(1), 82–98 (2017)
Flores-Fillol, R., Iranzo, S., Mane, F.: Teamwork and delegation of decisions within the firm. Int. J. Ind. Organ. 52, 1–29 (2017)
Hamilton, C., Coates, R., Heffernan, T.: What develops in visuo-spatial working memory development? Eur. J. Cogn. Psychol. 15(1), 43–69 (2003)
HirschI, T.: Causes of Delinquency. University of California Press, Berkeley (1969)
Huang, C., Liu, J., Fang, Y., Zuo, Z.: A study on web security incidents in China by analyzing vulnerability disclosure platforms. Comput. Secur. 58, 47–62 (2016)
Javanmard, H.: The impact of spirituality on work performance. Psychol. Relig. Spiritual. 6(3), 175–187 (2012)
Kim, J., Park, E.H., Baskerville, R.L.: A model of emotion and computer abuse. Inf. Manag. 53(1), 91–108 (2016)
Lee, S.M., Lee, S., Yoo, S.: An integrative model of computer abuse based on social control and general deterrence theories. Inf. Manag. 41(6), 707–718 (2004)
Liu, C.: Feature: the enemy within: the inherent security risks of temporary staff. Comput. Fraud Secur. 2014(5), 5–7 (2014)
Markey, R., Townsend, K.: Contemporary trends in employee involvement and participation. J. Ind. Relat. 55(4), 475–487 (2013)
Pallant, J.: SPSS survival manual: a step by step guide to data analysis using IBM SPSS, 6th edn. Allen & Unwin, Sydney (2016)
Rocha Flores, W., Antonsen, E., Ekstedt, M.: Information security knowledge sharing in organizations: investigating the effect of behavioural information security governance and national culture. Comput. Secur. 43, 90–110 (2014)
Roy Sarkar, K.: Assessing insider threats to information security using technical, behavioural and organisational measures. Inf. Secur. Tech. Rep. 15(3), 112–133 (2010)
Saris, W.E., Gallhofer, I.N.: Design, Evaluation, and Analysis of Questionnaires for Survey Research, 2nd edn. Wiley, Hoboken (2014)
Schaefer, T., Brown, B., Graessle, F., Salzsieder, L.: Cybersecurity: common risks: a dynamic set of internal and external threats includes loss of data and revenue, sabotage at the hands of current or former employees, and a PR nightmare. Strateg. Finan. 99(5), 54–61 (2017)
Tabachnick, B.G., Fidell, L.S.: Using Multivariate Statistics, 6th edn. Pearson Education, Harlow (2014)
Thompson, N.: What is Travis Hirschi’s Social Control Theory? Enotes (2014). http://www.enotes.com/homework-help/what-travis-hirschis-social-control-theory-196501. Accessed 16 June 2016
Van der werff, E., Science Steg, L.: The psychology of participation and interest in smart energy systems: comparing the value-belief-norm theory and the value-identity-personal norm model. Energy Res. Soc. 22, 107–114 (2016)
Velez, M.J., Neves, P.: The relationship between abusive supervision, distributive justice and job satisfaction: a substitutes for leadership approach. Revue Europeenne de Psychologie Appliquee 67(4), 187 (2017)
Von Solms, R., Von Solms, B.: From policies to culture. Comput. Secur. 23(4), 275–279 (2004)
Wallbank, P.: The future of outsourcing. Theaustralian.com.au (2019). https://www.theaustralian.com.au/business/business-spectator/news-story/the-future-of-outsourcing/22a80aea41b2700fc209173dbc6d20d4. Accessed 1 Sept 2019
Acknowledgements
The author thanks Professor Alana Maurushat who provided valuable feedback during the preparation of this paper. Professor Alana Maurushat is Professor of Cybersecurity and Behaviour at Western Sydney University.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Oyebisi, D., Njenga, K. (2020). Behaviour of Outsourced Employees as Sources of Information System Security Threats. In: Bernhard, M., et al. Financial Cryptography and Data Security. FC 2020. Lecture Notes in Computer Science(), vol 12063. Springer, Cham. https://doi.org/10.1007/978-3-030-54455-3_10
Download citation
DOI: https://doi.org/10.1007/978-3-030-54455-3_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-54454-6
Online ISBN: 978-3-030-54455-3
eBook Packages: Computer ScienceComputer Science (R0)