Detecting insider threats through language change

The researchers investigate how language can be used to identify insider attackers in the workplace. They conduct a simulation involving 54 participants who were incentivized to act as insiders during a four-stage organized crime investigation. The analysis of the language used in participants’ e-mails shows that insiders became more self-focused, showed greater negative affect, and displayed more cognitive processing compared to their coworkers. Insiders also showed a significant deterioration in the degree to which their language mimicked other team members over time, which may help identify potential insider attacks. These findings suggest that analyzing language can provide an indirect way of identifying employees who may carry out insider attacks.

Read the research: Detecting insider threats through language change