September 2019 has been declared National Insider Threat Awareness Month by the National Insider Threat Task Force, the National Counterintelligence and Security Center, the Federal Bureau of Investigation, the Office of the Under Secretary of Defense (Intelligence), the Department of Homeland Security, and the Defense Counterintelligence and Security Agency. This blog post outlines the CERT National Insider Threat Center's activities in support of this effort.

In a July 23 memo to insider threat practitioners, Mr. William Evanina, Director of the National Counterintelligence and Security Center, stressed the importance of awareness as a key pillar to insider threat defense. To help organizations promote insider threat awareness, the Center for Development of Security Excellence (CDSE) highlighted two goals for insider threat programs during National Insider Threat Awareness Month: to familiarize each organization's workforce with its insider threat program and maximize concerning behavior reporting.

We recommend organizations emphasize each employee's role in protecting authorized access to the organization's critical assets from misuse, both malicious and unintentional. Part of this role involves knowing what concerning behaviors and potential insider threat activity to look for, and what to do once it is identified. Using this context to introduce insider threat programs to the workforce and encourage the reporting of concerning behavior has helped organizations manage negative connotations about insider threat programs, as well as set employee expectations around how the organization uses--and does not use--reporting activity.

Here is what you can expect from the CERT National Insider Threat Center during National Insider Threat Awareness Month:

• The CERT National Insider Threat Center will hold a live webinar on Thursday, September 19 from 1 to 2 p.m. EDT titled "Insider Threat. Your Questions. Our Answers." Our subject matter experts will provide an overview of the ongoing research in insider threat mitigation and answer your questions about how the threat landscape continues to evolve and what organizations can and should do to address insider threats.
• Each week this month, we will publish a new blog post presenting the latest from our ongoing research and development efforts for insider threat mitigation. These blog posts will include
  • updated statistics from our insider threat incident corpus
  • best practices for developing and validating insider threat detection capabilities
  • strategies on how to ensure effective, compliant, and legal insider threat program operations

Whether you are just interested in learning more or building an insider threat program to comply with Executive Order 13587 or NISPOM Conforming Change 2, respond to an insider incident, or proactively mitigate the insider threat within your own organization, here is how we can help.

• Our website contains more than 125 publicationscontaining actionable intelligence on insider threat mitigation. Featured research includes the following:
  • Common Sense Guide to Mitigating Insider Threats, Sixth Edition - a collection of 21 best practices for insider threat mitigation, complete with case studies and statistics
  • Balancing Organizational Incentives to Counter Insider Threat - a study on how positive incentives can complement traditional security practices to provide a better balance for organizations' insider threat programs
  • Navigating the Insider Threat Tool Landscape - an exploration of the types of tools that organizations can use to prevent, detect, and respond to multiple types of insider threats
  • Insider Threats Across Industry Sectors - a multi-part blog series that contains the most up-to-date statistics from our database on sector-specific insider threats
  • Effective Insider Threat Programs: Understanding and Avoiding Potential Pitfalls - a discussion of ways insider threat programs can and have failed, and strategies on how to avoid these mistakes within your own organization
  • Analytic Approaches to Detect Insider Threats - a discussion of various insider threat detection strategies and the analytic techniques used to identify common concerning behaviors and activity
  • Spotlight On: Insider Theft of Intellectual Property Inside the United States Involving Foreign Governments or Organizations - a deep dive into a specific insider incident type from our insider threat incident corpus, with recommended best practices included
  • Workplace Violence & IT Sabotage: Two Sides of the Same Coin - a look at the potential similarities between the progressions of workplace violence incidents and cases of IT systems sabotage
  • An Insider Threat Indicator Ontology - a controlled vocabulary and semantic knowledge model for expressing and detecting insider incidents
• We help organizations measure their security posture against insider threats and measure the effectiveness of their insider threat programs and insider threat controls. In addition, we provide training to individuals looking to learn how to conduct Insider Threat Vulnerability Assessments and Insider Threat Program Evaluations using our methodologies and maintain a partner network of organizations who are licensed to provide these services.
• We provide a wide variety of insider threat trainingfocused on various audiences and aspects of insider threat program building, including
  • General Insider Threat Awareness Training
  • Insider Threat Program Manager Training
  • Insider Threat Analyst Training

As a part of a Federally Funded Research and Development Center, the CERT National Insider Threat Center has a mission to continue to lead and advance the research and development of socio-technical solutions to combat insider threats. You can contact us at insider-threat-feedback@cert.org with any questions or suggestions on future collaborations or research areas.