Hello, I'm Tracy Cassidy, a CERT cybersecurity researcher. This post is about the research the CERT Division is doing on unintentional insider threat (UIT) with a particular emphasis on phishing and malware incidents.
For the past year, the CERT Insider Threat Center, sponsored by the Department of Homeland Security, has been publishing reports on UIT. These reports include the initial and follow-on reports: Unintentional Insider Threats: A Foundational Study and Unintentional Insider Threats: Social Engineering.
Following the success of these reports, the Insider Threat Center continued its work on UIT, focusing on the newly designated PHISHING/SOCIAL threat vector and its subvectors, Malware and Credentials. These threat vectors/subvectors represent the use of phishing and/or social engineering as a means to implement malware or gain access to credentials. The intent of this work has been to identify the frequency of incident types that occur in different economic sectors within the United States.