search menu icon-carat-right cmu-wordmark

Insider Threat Blog

Real-World Work Combating Insider Threats

Latest Posts

Theft of Intellectual Property and Tips for Prevention

Theft of Intellectual Property and Tips for Prevention

• Insider Threat Blog
CERT Insider Threat Center

One of the most damaging ways an insider can compromise an organization is by stealing its intellectual property (IP). An organization cannot underestimate the value of its secrets, product plans, and customer lists. In our recent publication, An Analysis of Technical Observations in Insider Theft of Intellectual Property Cases, we took a critical look at the technical aspects of cases in which insiders who stole IP from their organization. Insiders commit these crimes for various...

Read More
Insider Threat Deep Dive: Theft of Intellectual Property

Insider Threat Deep Dive: Theft of Intellectual Property

• Insider Threat Blog
CERT Insider Threat Center

This entry is part of a series of "deep dives" into insider threat. The previous entry focused on IT sabotage. Hi, this is Chris King. From our research, we realized that malicious insiders do not all fit into a single category. We found that there are individuals who steal or commit fraud for financial gain, others who steal intellectual property because of a sense of entitlement or to obtain a position with a competitor, and...

Read More
Insider Threat and Physical Security of Organizations

Insider Threat and Physical Security of Organizations

• Insider Threat Blog
CERT Insider Threat Center

Physical access to an organization's secure areas, equipment, or materials containing sensitive data may make it easier for a malicious insider to commit a crime. Therefore, an organization's physical security controls are often just as important as its technical security controls. This entry reviews some real case examples of physical security issues as well as some physical security controls....

Read More
Insider Threat Best Practices from Industry

Insider Threat Best Practices from Industry

• Insider Threat Blog
CERT Insider Threat Center

Hello, this is George Silowash from the Insider Threat Center at CERT. I had the opportunity to attend RSA Conference 2011 with two of my colleagues, Dawn Cappelli and Joji Montelibano. Insider threat was a popular topic at the conference this year--vendors discussed it in sales pitches, and security practitioner presentations focused on the problem. In addition to being speakers at the conference, staff members from the Insider Threat Center were there to gather ideas...

Read More
Insider Threats in the Software Development Lifecycle

Insider Threats in the Software Development Lifecycle

• Insider Threat Blog
CERT Insider Threat Center

Developers often have full access to the source code of critical systems to do their job. This same access can also be used to insert logic bombs, sabotage the system, or siphon money from an organization. We have seen numerous cases of developers and system administrators exploiting parts of the software development lifecycle to commit their crimes. In this entry, we examine some recent cases involving developers who became malicious insiders....

Read More
Insider Threat Case Trends of Technical and Non-Technical Employees

Insider Threat Case Trends of Technical and Non-Technical Employees

• Insider Threat Blog
CERT Insider Threat Center

This is the second of two blog entries that explore questions we were asked during a recent meeting with leaders from the U.S. financial services sector. In this entry, we focus on what role malicious insiders typically hold in an organization: a non-technical position, a technical position, or both. "Non-technical" includes positions such as management, sales, and auditors. "Technical" includes positions such as system or database administrators, programmers, and helpdesk employees. "Both" includes overlapping jobs...

Read More
Insider Threat Case Trends for Employee Type and Employment Status

Insider Threat Case Trends for Employee Type and Employment Status

• Insider Threat Blog
CERT Insider Threat Center

We recently met with leaders from the U.S. financial services sector, and they asked a number of questions about recent trends in insider threat activities. We are often asked these types of questions, and we can answer many of them right away. Others require more extensive data mining in our case database. In this entry, we address the following question: Between current employees, former employees, and contractors, is one group most likely to commit these...

Read More