Insider Threat Blog

Real-World Work Combating Insider Threats

Latest Posts

Maturing Your Insider Threat Program into an Insider Risk Management Program

• Insider Threat Blog
Daniel Costa

Having trouble clearly stating the scope of your insider threat program? Struggling with measuring the program's effectiveness? Failing to provide actionable intelligence to the program stakeholders? Lacking consensus regarding your organization's current security posture against insider threats? These are signs that your insider threat program may not be properly integrated with a risk management program within your organization. In this blog post, we will discuss the benefits of grounding insider threat program operations in the...

Anti-Phishing Training: Is It Working? Is It Worth It?

• Insider Threat Blog
Mike Petock

Phishing attacks target human, rather than technical, vulnerabilities. Some organizations, companies, government agencies, educational institutions, and individuals put on blinders and hope it doesn't happen to them. Others try to prevent the problem by paying for anti-phishing training. Speaking from a cybersecurity trainer's perspective, good training should change user behavior and reduce the primary problem: in this case, an incident or breach initiated by a successful phishing attack. Even for effective training, the cost should...

Technology Trends in Data Exfiltration

• Insider Threat Blog
Alex Pickering

One of our goals at the CERT National Insider Threat Center (NITC) is to monitor the shifting landscape of insider threat to identify tools and techniques insiders may use to harm their organization. Our expanding repository of insider incidents shows that the tools and techniques insiders use to exploit vulnerabilities change rapidly as new technologies emerge and organizations evolve how they protect their assets. This blog post will look at the emergence of technologies...

Measuring Resilience in Artificial Intelligence and Machine Learning Systems

• Insider Threat Blog
Alexander Petrilli

Shing-Hon Lau co-authored this post. Artificial intelligence (AI) and machine learning (ML) systems are quickly becoming integrated into a wide array of business and military operational environments. Organizations should ensure the resilience of these new systems, just as they would any other mission-critical asset. However, the "black box" decision-making processes that can make AI and ML systems so useful may also make the measurement of their resilience different than traditional measures. This blog post describes...

Mapping Cyber Hygiene to the NIST Cybersecurity Framework

• Insider Threat Blog
Matthew Trevors

In honor of Cybersecurity Awareness Month, I decided to put fingers to keys and share some basic practices that every organization should consider for their cyber hygiene initiatives. This blog post will describe a process to determine if 41 foundational practices from the CERT Resilience Management Model (CERT-RMM) are part of your NIST Cybersecurity Framework v1.1 target profile....

Managing the Risks of Ransomware

• Insider Threat Blog
David Tobar

This blog post was co-authored by Jason Fricke. Ransomware poses a growing threat to both businesses and government agencies. Though no strategy can fully eliminate these risks, this post provides recommendations, and links to additional best practices, on better managing ransomware risks....

Insider Threat Incident Analysis: Court Outcome Observations

• Insider Threat Blog
Nick Miller

In the United States, legal cases may be tried in criminal court or civil court. According to data in the CERT National Insider Threat Center (NITC) incident corpus, the type of court makes a big difference in the legal outcomes of insider attack cases. This blog post analyzes these differences, specifically sentencing and restitution in criminal cases and findings of liability in civil cases. This blog post does not, and is not intended to, constitute...

Improving Insider Threat Detection Methods Through Software Engineering Principles

• Insider Threat Blog
Daniel Costa

Tuning detective controls is a key component of implementing and operating an insider threat program, and one we have seen many organizations struggle with. Our work helping organizations with their insider threat programs has revealed common challenges with any tool that generates alerts of potential insider risk, such as user activity monitoring (UAM), security information event management (SIEM), or user and entity behavioral analytics (UEBA) tools. In this blog post, we will discuss some of...
