Detecting insider threats through language change

Paul J Taylor, C. Dando, T. Ormerod, L. Ball, M. Jenkins, A. Sandham, T Menacere

    Research output: Contribution to journalArticleAcademicpeer-review

    25 Citations (Scopus)

    Abstract

    The act of conducting an insider attack carries with it cognitive and social challenges that may affect an offender's day-to-day work behavior. We test this hypothesis by examining the language used in e-mails that were sent as part of a 6-hr workplace simulation. The simulation involved participants (N = 54) examining databases and exchanging information as part of a four-stage organized crime investigation. After the first stage, 25% of the participants were covertly incentivized to act as an “insider” by providing information to a provocateur. Analysis of the language used in participants' e-mails found that insiders became more self-focused, showed greater negative affect, and showed more cognitive processing compared to their coworkers. At the interpersonal level, insiders showed significantly more deterioration in the degree to which their language mimicked other team members over time. Our findings demonstrate how language may provide an indirect way of identifying employees who are undertaking an insider attack. (PsycINFO Database Record (c) 2013 APA, all rights reserved)
    Original languageEnglish
    Pages (from-to)262-275
    Number of pages14
    JournalLaw and human behavior
    Volume37
    Issue number4
    DOIs
    Publication statusPublished - 2013

    Keywords

    • METIS-291310
    • IR-84291

    Fingerprint Dive into the research topics of 'Detecting insider threats through language change'. Together they form a unique fingerprint.

    Cite this