Cyber Insider Threat in Virtual Organizations

Introduction

The concept of information security and privacy have been discussed and researched in many disciplines. In the realm of political science - corporate ethics, sensitive information such as trade secrets, market competitive intelligence, and intellectual property are rigorously discussed. As a result, corporate security policies are initiated and established to govern the principles of protecting corporate assets against potential risks, threats, and attacks. Government surveillance of citizens for the sake of the national security has been a critical issue discussed throughout decades. George Orwell identified this issue in the book Nineteen Eighty-Four, “In the past, no government had the power to keep its citizens under constant surveillance. The invention of print, however, made it easier to manipulate public opinion, and the film and the radio carried the process further. With the development of television, and the technical advance which made it possible to receive and transmit simultaneously on the same instrument, private life came to an end.” (Orwell, 1949). Although our televisions don’t provide two-way broadcast, the development of Internet provides a similar dynamic. Real world events surrounding the domestic surveillance scandal by the Bush Administration evolved as a result of redirecting surveillance of foreign terrorist activities into the lives of American citizens (Grey, 2005). The need for national security has begun to overshadow citizens’ right to privacy. The case of Edward Snowden leaking sensitive information about the National Security Administration spying on United States citizens is a controversial case that frames Snowden as both a traitor and a patriot. Snowden intentionally stole and leaked information on the government’s surveillance acts. This became a high-profile case of malicious intentional insider threat within the government (CNN Staff, 2013). But this phenomenon applies to corporate governance as well. While government or corporate surveillance may have superseded the right to personal privacy, the emphasis on personal privacy has led to a black box of human interactions within a corporate domain and, as a result, threatens corporate, government, and national security. It becomes vitally important to balance individual privacy with surveillance interests governed by corporate security policies. How much security is necessary to protect corporate security interests, and how much does this impact individual privacy? These questions are indeed a challenge today.

While the paradox of security and privacy persists, the problem of cyber insider threats becomes more complex due to the mobility of storage, communication media, and technology enabled by distributed, grid, and cloud computing. By definition, the virtual organization refers to a group of individuals whose members and resources may be dispersed geographically, but function as a coherent unit through the use of cyber-infrastructure. This group of individuals is team-based and goal-oriented, where leaders and subordinates work together to achieve pre-determined goals (Ho, 2009). Without the luxury of physical interactions or facial expressions, people collaborate with each other dynamically in virtual organizations using cyber infrastructure. To better discuss the “black box” of human interactions as supported by the computer-mediated technologies, we will first discuss the background information of organizations in regards to the availability of technology and variety of security procedures. We will then raise the issue of user problems in organizations, and further analyze the challenges of user problems in the social and digital domains of virtual organizations. We will discuss the challenges and possible future research direction in analyzing user’s deceptive information behavior in computer-mediated communications within virtual organizations.