Insider Threat Blog

Real-World Work Combating Insider Threats

Latest Posts

Managing the Risks of Ransomware

David Tobar

This blog post was co-authored by Jason Fricke. Ransomware poses a growing threat to both businesses and government agencies. Though no strategy can fully eliminate these risks, this post provides recommendations, and links to additional best practices, on better managing ransomware risks....

Insider Threat Incident Analysis: Court Outcome Observations

Nick Miller

In the United States, legal cases may be tried in criminal court or civil court. According to data in the CERT National Insider Threat Center (NITC) incident corpus, the type of court makes a big difference in the legal outcomes of insider attack cases. This blog post analyzes these differences, specifically sentencing and restitution in criminal cases and findings of liability in civil cases. This blog post does not, and is not intended to, constitute...

Improving Insider Threat Detection Methods Through Software Engineering Principles

Daniel Costa

Tuning detective controls is a key component of implementing and operating an insider threat program, and one we have seen many organizations struggle with. Our work helping organizations with their insider threat programs has revealed common challenges with any tool that generates alerts of potential insider risk, such as user activity monitoring (UAM), security information event management (SIEM), or user and entity behavioral analytics (UEBA) tools. In this blog post, we will discuss some of...

7 Guidelines for Being a TRUSTED Penetration Tester

Karen Miller

The best way to learn is by doing. But when it comes to penetration testing, learners risk legal implications and bad habits if they don't follow ethical, safe procedures. Those wishing to develop penetration testing skills are often unaware of the number of resources available for legally and safely testing penetration tools and techniques. In this blog post, I'll describe seven general practices, outlined in the acrostic "TRUSTED," that pen testing learners and professionals should...

September Is National Insider Threat Awareness Month

Daniel Costa

September 2019 has been declared National Insider Threat Awareness Month by the National Insider Threat Task Force, the National Counterintelligence and Security Center, the Federal Bureau of Investigation, the Office of the Under Secretary of Defense (Intelligence), the Department of Homeland Security, and the Defense Counterintelligence and Security Agency. This blog post outlines the CERT National Insider Threat Center's activities in support of this effort....

Patterns and Trends in Insider Threats Across Industry Sectors (Part 9 of 9: Insider Threats Across Industry Sectors)

Daniel Costa

In previous posts of our series analyzing and summarizing insider incidents across multiple sectors, we presented up-to-date statistics from the CERT National Insider Threat Center (NITC) Incident Corpus and looked closely at which types of insider incidents are prevalent within certain types of organizations. From there, we presented statistics on what types of assets those insider attacks target, the time frames associated with those attacks, and the tactics, techniques, and procedures the insiders used to...

Cybersecurity Governance, Part 1: 5 Fundamental Challenges

Seth Swinton

This post was co-authored by Stephanie Hedges. Most organizations have good enterprise-level security policies that define their approach to maintaining, improving, and securing their information and information systems. However, once the policies are signed by senior leadership and distributed throughout the organization, significant cybersecurity governance challenges remain. This blog post examines five fundamental challenges of cybersecurity governance that, while not exhaustive, are essential to establishing and maintaining an effective cybersecurity governance program....

Keeping an Eye Out for Positive Risk

Mary Beth Chrissis

We commonly think about risks having negative consequences. With each month bringing new cybersecurity threats, breaches, and vulnerabilities, sound risk management practices are necessary to protect your organization. However, when performing risk management, do organizations unnecessarily limit themselves by only thinking about risks as negative effects and not looking at positive effects, too?...
