Posts by Sarah Miller

Insider Threats in Finance and Insurance (Part 4 of 9: Insider Threats Across Industry Sectors)

• Blog
Sarah Miller

This post was co-authored by Jonathan Trotman. In the previous post of our series analyzing and summarizing insider incidents across multiple sectors, we discussed some of the mandates and requirements associated with federal government insider threat programs as well as documented insider threat incidents. In this post, we will discuss information security regulations and insider threat metrics based on Finance and Insurance incidents from our CERT National Insider Threat Center (NITC) Incident Corpus....

Insider Threats in the Federal Government (Part 3 of 9: Insider Threats Across Industry Sectors)

• Blog
Sarah Miller

The CERT National Insider Threat Center (NITC) Insider Threat Incident Corpus contains over 2,000 incidents, which, as Director Randy Trzeciak writes, acts as the "foundation for our empirical research and analysis." This vast data set shows us that insider incidents impact both the public and private sector, with federal government organizations being no exception. As Carrie Gardner introduced in the previous blog post in this series, federal government organizations fall under the NAICS Codes for...

GDPR and Its Potential Impacts for Insider Threat Programs

• Blog
Sarah Miller

The European Union's General Data Protection Regulation (GDPR) is a directive that concerns the processing of personal data by private organizations operating in the European Union, whether as employers or as service providers. While many organizations have focused their GDPR readiness efforts on managing data subjects' personal information on customers, employees are also considered data subjects. This post will focus on an organization's obligations to its EU employees (inclusive of contractors and trusted business partners,...

Insiders and their Significant Others: Collusion, Motive, and Concealment

• Blog
Sarah Miller

Insiders have been known to collude with others, both with coworkers (i.e., other insiders) and outsiders. In our previous post on insider collusion and its impact, we explored 395 insider incidents of collusion and found that insiders working with outsider-accomplices had greater financial impact to their organization than those working with other insiders. When an insider works alone, or when an insider works with others within their organization, User Activity Monitoring (UAM) / User and...

2017 U.S. State of Cybercrime Highlights

• Blog
Sarah Miller

Each year, the CERT Division of the SEI collaborates with CSO Magazine to develop a U.S. State of Cybercrime report. These reports are based on surveys of more than 500 organizations across the country, ranging in size from fewer than 500 employees to more than 10,000. Each organization self-reports on information security issues that have impacted them in the past calendar year. The 2017 report covers activity that occurred in 2016. In this blog post,...

2016 U.S. State of Cybercrime Highlights

• Blog
Sarah Miller

Each year, the CERT Division of the SEI collaborates with CSO Magazine to develop a State of Cybercrime report. These reports are based on surveys of approximately 400 organizations across the country, ranging in size from fewer than 100 employees to over 10,000....

Insider Threat Deep Dive on IT Sabotage: Updated Statistics (Part 1 of 2)

• Blog
Sarah Miller

IT sabotage has been an area of increasing interest and concern across government, research, industry, and the public sector. IT sabotage is defined as incidents wherein malicious insiders intentionally use technical methods to disrupt or cease normal business operations of a victim organization. What makes sabotage so compelling a concern is the notion that a few lines of code can put an organization out of business....

Malicious Insiders in the Workplace Series: Malicious Insiders' Salaries and the Financial Impact of Insider Incidents (Part 4 of 4)

• Blog
Sarah Miller

In parts one, two, and three of this series, the roles held by malicious insiders and their estimated salary were reviewed. In this final post, we see if there is a relationship between an insider's salary and the financial impact of related incidents. Comparing the estimated salary of malicious insiders with impacts self-reported by victim organizations in publicly available sources (i.e., in court filings) may offer analytical insight for quantifying risk....

Malicious Insiders in the Workplace Series: How Does an Insider's Gender Relate to the Type of Incident? (Part 1 of 4)

• Blog
Sarah Miller

Much attention has been paid to understanding the impacts of an insider threat incident. In examining recorded cases, trends begin to emerge over time just as with any other data set. However, despite these malicious insiders using technical means to cause harm, there is still a human component that should be considered. Who, collectively, are these malicious insiders that caused harm? What do we know about them? This blog post is the first of a...

The Frequency and Impact of Insider Collusion

• Blog
Sarah Miller

Collusion among malicious insiders can produce a larger attack surface in terms of access to organizational assets. In theory, multiple actors could perform reconnaissance from within the "need-to-know" aspect of their job responsibilities to commit fraud or theft of intellectual property. Consequently, these malicious actors could then evade detection, presenting a real threat to an organization. In this blog post, I explore the concept of collusion among malicious insiders....

