search menu icon-carat-right cmu-wordmark

Insider Threat Blog

Real-World Work Combating Insider Threats

Latest Posts

InTP Series: Establishing an Insider Threat Program (Part 1 of 18)

InTP Series: Establishing an Insider Threat Program (Part 1 of 18)

• Insider Threat Blog
CERT Insider Threat Center

Are you planning on establishing an insider threat program in your organization? If so, you'll find this series of 18 blog posts helpful. In this post, the first in the series, I explain why having an insider threat program is a good idea and summarize the topics my colleagues and I will be covering in this series. My name is Randy Trzeciak, the Technical Manager of the Insider Threat Center in the CERT Division of...

Read More
Unintentional Insider Threats by Economic Sector

Unintentional Insider Threats by Economic Sector

• Insider Threat Blog
CERT Insider Threat Center

Hello, I'm Tracy Cassidy, a CERT cybersecurity researcher. This post is about the research the CERT Division is doing on unintentional insider threat (UIT) with a particular emphasis on phishing and malware incidents. For the past year, the CERT Insider Threat Center, sponsored by the Department of Homeland Security, has been publishing reports on UIT. These reports include the initial and follow-on reports: Unintentional Insider Threats: A Foundational Study and Unintentional Insider Threats: Social Engineering....

Read More

"Four Insider IT Sabotage Mitigation Patterns and an Initial Effectiveness Analysis" Paper Released

• Insider Threat Blog
CERT Insider Threat Center

Hello, this is Matt Collins of the CERT Insider Threat Center. We are pleased to announce the publication of our paper "Four Insider IT Sabotage Patterns and an Initial Effectiveness Analysis." The paper describes four mitigation patterns of insider IT sabotage and initial results from a review of 46 cases from the CERT Insider Threat Database (MERIT Database). Each pattern was developed to prevent or detect potentially malicious actions related to insider threat IT sabotage...

Read More
Theft of Intellectual Property by Insiders

Theft of Intellectual Property by Insiders

• Insider Threat Blog
CERT Insider Threat Center

This is Matt Collins, Insider Threat Researcher at the CERT Insider Threat Center. In this post, I cover statistics related to a group of cases in the CERT Division's insider threat database related to the theft of intellectual property (IP). The CERT database was started in 2001 and contains insider threat cases that can be categorized into one of four groupings: Fraud Sabotage Theft of Intellectual Property (IP) Miscellaneous Today I'm discussing cases in our...

Read More
Analyzing Insider Threat Data in the MERIT Database

Analyzing Insider Threat Data in the MERIT Database

• Insider Threat Blog
CERT Insider Threat Center

Greetings! This is Matt Collins, an insider threat researcher with the CERT Insider Threat Center. In this post I describe some of the types of insider incident data we record in our Management and Education of the Risk of Insider Threat (MERIT) database. The CERT Insider Threat Center began recording cases of insider threat in 2001. To date we've recorded over 800 incidents using publicly available information. Those 800 plus cases span the years 1995...

Read More
The Latest CERT Research of Unintentional Insider Threats: Social Engineering

The Latest CERT Research of Unintentional Insider Threats: Social Engineering

• Insider Threat Blog
CERT Insider Threat Center

Hello, I'm David Mundie, a CERT cybersecurity researcher. This post is about the research CERT is doing on unintentional insider threats, in particular social engineering. Earlier this year, the CERT Division's Insider Threat Team published the report Unintentional Insider Threats: A Foundational Study that documents results of a study of unintentional insider threats (UIT), which was sponsored by the Department of Homeland Security Federal Network Resilience (FNR). Following the success of that report, we on...

Read More
International Considerations for Cybersecurity Best Practices

International Considerations for Cybersecurity Best Practices

• Insider Threat Blog
CERT Insider Threat Center

Hi! We are Lori Flynn and Carly Huth, CERT cybersecurity researchers. This post is about our recently published paper that describes how strategies for implementing international cybersecurity best practice should account for five factors: technology profile, laws and regulations, law enforcement, culture and subcultures, and corruption....

Read More
Seven Ways Insider Threat Products Can Protect Your Organization

Seven Ways Insider Threat Products Can Protect Your Organization

• Insider Threat Blog
CERT Insider Threat Center

Hi, this is George J. Silowash, Cybersecurity Threat and Incident Analyst for the CERT Division. Organizations may be searching for products that address insider threats but have no real way of knowing if a product will meet their needs. In the recently released report, Insider Threat Attributes and Mitigation Strategies, I explore the top seven attributes that insider threat cases have according to our database of over 700 insider incidents. These attributes can be used...

Read More