Behaviour of outsourced employees as sources of information system security threats

Abstract

There is an increased need for information systems to be protected against unauthorized access and retrieval, particularly from legitimate ‘insider’ outsourced employees. While most studies have focused on organisations’ employees as threats, only a few have focused on the role the outsourced employees’ play as a potential threat. The study seeks to investigate the insider threat behaviour of an outsourced employee in developing countries as security threats to information systems by virtue of their privileged access. The study is quantitative and adopts social bond and involvement theories for this purpose. The research sample was chosen from organisations in Nigeria and South Africa which are the largest two national economies in Africa. Close-ended questionnaires were used and the data were analysed using factor analysis. The study found that outsourced employees exploit information systems vulnerabilities because they are not actively involved in the organisation and lack moral values and beliefs. The findings of this study will assist organisations in developing countries to mitigate the information security threats posed by outsourced employees.