SEI Insights

Insider Threat Blog

Real-World Work Combating Insider Threats

Hi, this is Dawn Cappelli of the CERT Insider Threat Center. We always feel proud when we see others recognize our hard work and, better yet, communicate the results of our work to others. SC Magazine, FedTech, Information Week, eWeek, and GovInfoSecurity have all published articles about the work that the CERT Insider Threat Center has done. We've collected excerpts from each here with a link to the complete article so you can take a look.

Hello, this is Todd Lewellen, information systems security analyst for the CERT Insider Threat Center. We recently conducted a cursory search through our MERIT database for case examples across different industry sectors. This search reminded us just how indiscriminately insider attacks can appear throughout public and private sectors. In other words, while certain insider attacks tend to manifest themselves more often in specific industry sectors, no sector is free from the actions of malicious insiders.

Hi, this is Randy Trzeciak of the CERT Insider Threat Center. Recently, we completed a study that revealed insights into the type of insiders who commit insider financial cyber fraud, how they do it, and what they steal. The study, funded by the U.S. Department of Homeland Security (DHS) Science and Technology Directorate, involved 80 real cases of insider cyber fraud in the financial services sector. We conducted the study working with the U.S. Secret Service, the U.S. Department of the Treasury, and project partners from the U.S. financial services sector.

A third type of cloud-related insider is one who uses cloud services to carry out an attack on his own employer. This type of insider is similar to the previous type who targets systems or data in the cloud. In contrast, the third type of insider uses the cloud as a tool to carry out an attack on systems or data targeted, which are not necessarily associated with cloud-based systems.

Hi, this is Bill Claycomb and Alex Nicoll with installment 3 of a 10-part series on cloud-related insider threats. In this post, we discuss a second type of cloud-related insider threat: those that exploit weaknesses introduced by use of the cloud.

Last week we discussed the rogue administrator, one type of cloud-related insider threat. A second type of cloud-related insider threat, often overlooked by security researchers, is the insider who exploits vulnerabilities exposed by the use of cloud services to gain unauthorized access to organization systems and/or data. This type of attack may be malicious or accidental, and is sometimes enabled by differences in security policies or access control models between cloud-based and local systems.