
Archive: 2020

Insider Threat Incidents: Assets Targeted by Malicious Insiders


• Insider Threat Blog
Sarah Miller

As part of the CERT National Insider Threat Center's ongoing efforts to refine and improve our Incident Corpus, and to provide more data to the community, we have updated our taxonomy for targeted assets in insider threat incidents. We have identified a number of dimensions--asset owner, asset type, and classification--we can use to aggregate and analyze targets of insider threat incidents. In this blog post, I detail this new taxonomy and highlight some of our...

Highlights from the 7th Annual National Insider Threat Center (NITC) Symposium, Day One

• Insider Threat Blog
Daniel Costa

This post was co-authored by Sarah Miller. This year's seventh annual National Insider Threat Symposium, "From Mitigating Insider Threats to Managing Insider Risk," focuses on proactive approaches to reducing the impact and likelihood of insider incidents within organizations. The two-day symposium, which had its first session on September 10 and continues on September 24, gathers recognized leaders in insider threat research, as well as leading-edge insider threat program practitioners in both government and industry, to...

Insider Threat Incidents: Communication Channels

• Insider Threat Blog
Sarah Miller

This post was co-authored by Alex Pickering. The CERT National Insider Threat Center collects, categorizes, and analyzes technical insider incidents--those in which the insider used technology--to monitor the evolving insider threat landscape. In a previous blog post, we reviewed the devices that are affected in insider threat incidents. In this post, we categorize incidents by the channels insiders use to communicate with their co-conspirators as they plan, attack, or conceal their attack on an organization....

Insider Threat Incidents: Most Commonly Affected Devices

• Insider Threat Blog
Sarah Miller

This post was co-authored by Alex Pickering. At the CERT National Insider Threat Center, we collect, analyze, and categorize insider incidents to populate our CERT Insider Threat Incident Corpus and monitor the evolving insider threat landscape. We recently expanded our taxonomy to classify the devices that insiders affect. This post will discuss the types of devices affected by insider threat incidents and how they impact insider risk management and incident response....

Organizational Resilience to Insider Threats

• Insider Threat Blog
Daniel Costa

This September is the federal government's second annual insider threat awareness month, and this year's theme is resilience. The SEI has a significant body of research in resilience, and in the CERT National Insider Threat Center, we apply many of the principles and best practices for resilience to the insider threat problem. In this blog post, we will discuss the relationship between resilience and insider threat, discuss how to make organizations operationally resilient to insider...

Functional Requirements for Insider Threat Tool Testing

• Insider Threat Blog
Robert M. Ditmore

Derrick Spooner co-authored this post. Because of the scope and scale of the insider threat, the SEI recommends that organizations adopt a use-case-based approach to insider risk mitigation. In such an approach, organizations iteratively deploy capabilities to prevent, detect, and respond to the greatest threats to their most critical assets. However, the tools modern insider threat programs rely on to collect and analyze data do not adapt themselves to the organization or its changing insider...

Maturing Your Insider Threat Program into an Insider Risk Management Program

• Insider Threat Blog
Daniel Costa

Having trouble clearly stating the scope of your insider threat program? Struggling with measuring the program's effectiveness? Failing to provide actionable intelligence to the program stakeholders? Lacking consensus regarding your organization's current security posture against insider threats? These are signs that your insider threat program may not be properly integrated with a risk management program within your organization. In this blog post, we will discuss the benefits of grounding insider threat program operations in the...

Anti-Phishing Training: Is It Working? Is It Worth It?

• Insider Threat Blog
Mike Petock

Phishing attacks target human, rather than technical, vulnerabilities. Some organizations, companies, government agencies, educational institutions, and individuals put on blinders and hope it doesn't happen to them. Others try to prevent the problem by paying for anti-phishing training. Speaking from a cybersecurity trainer's perspective, good training should change user behavior and reduce the primary problem: in this case, an incident or breach initiated by a successful phishing attack. Even for effective training, the cost should...

Technology Trends in Data Exfiltration

• Insider Threat Blog
Alex Pickering

One of our goals at the CERT National Insider Threat Center (NITC) is to monitor the shifting landscape of insider threat to identify tools and techniques insiders may use to harm their organization. Our expanding repository of insider incidents shows that the tools and techniques insiders use to exploit vulnerabilities change rapidly as new technologies emerge and organizations evolve how they protect their assets. This blog post will look at the emergence of technologies...
