Software Engineering Institute | Carnegie Mellon University

SEI Insights

Insider Threat Blog

Real-World Work Combating Insider Threats

Hello, my name is Joji Montelibano, and I work in the CERT Insider Threat Center. When members of our team give presentations, conduct assessments, or teach courses, one of the most common questions is, "Just how bad is the insider threat?" According to the 2010 CyberSecurity Watch Survey, sponsored by CSO Magazine, the United States Secret Service (USSS), CERT, and Deloitte, the mean monetary value of losses due to cyber crime was $394,700 among the organizations that experienced a security event. Note that this figure accounts for all types of security incidents, including both insiders and outsiders. What is especially concerning is that 67% of respondents stated that insider breaches are more costly than outsider breaches.

Hi, this is Chris King. Any organization that stores data about individuals has a responsibility to protect that information. We regularly hear news stories about celebrities' personal information being stolen and released to the media. Some of these leaks are caused by unauthorized individuals at organizations who are entrusted with confidential data. Recently, the media reported on an incident in which the confidential records of a contestant on a popular reality television show were improperly accessed by employees in multiple law enforcement agencies, a municipal court, a prosecutor's office, and the state department of motor vehicles. These people were eventually identified and punished, but this incident should remind organizations that deal with confidential information that it is important to be proactive about monitoring for unauthorized access.

This entry is the first in a series of "deep dives" into insider threat.

Hi, this is Chris King from the CERT Insider Threat Center. Through the course of our research, we noticed that insiders couldn't be lumped into a single category. There are individuals who steal or commit fraud for profit, others who steal because of a sense of entitlement, and some who want to exact revenge against an organization simply because they are angry. We noticed a pattern in the ways insiders acted and were able to separate them into three main categories of crime: IT sabotage, theft of IP, and fraud. This entry focuses on IT sabotage.

Hi, this is Dawn Cappelli, technical manager of the Insider Threat Center at CERT. Thanks for taking the time to visit our new insider threat blog. As many of you know, we've been doing insider threat research since 2001. Our mission is to raise awareness of the risks of insider threat and to help identify the factors influencing an insider's decision to act, the indicators and precursors of malicious acts, and the countermeasures that will improve the survivability and resiliency of the organization. Our transition strategy has always included research reports, conference presentations, workshops, journal articles, and podcasts, and we still plan to use those methods for communicating the results of our research. However, with the insider threat landscape changing so quickly, we believe a blog is an effective vehicle for addressing current issues in a timelier manner.