search menu icon-carat-right cmu-wordmark

Archive: January 2020

Maturing Your Insider Threat Program into an Insider Risk Management Program

Maturing Your Insider Threat Program into an Insider Risk Management Program

• Insider Threat Blog
Daniel Costa

Having trouble clearly stating the scope of your insider threat program? Struggling with measuring the program's effectiveness? Failing to provide actionable intelligence to the program stakeholders? Lacking consensus regarding your organization's current security posture against insider threats? These are signs that your insider threat program may not be properly integrated with a risk management program within your organization. In this blog post, we will discuss the benefits of grounding insider threat program operations in the...

Read More
Anti-Phishing Training: Is It Working? Is It Worth It?

Anti-Phishing Training: Is It Working? Is It Worth It?

• Insider Threat Blog
Mike Petock

Phishing attacks target human, rather than technical, vulnerabilities. Some organizations, companies, government agencies, educational institutions, and individuals put on blinders and hope it doesn't happen to them. Others try to prevent the problem by paying for anti-phishing training. Speaking from a cybersecurity trainer's perspective, good training should change user behavior and reduce the primary problem: in this case, an incident or breach initiated by a successful phishing attack. Even for effective training, the cost should...

Read More
Technology Trends in Data Exfiltration

Technology Trends in Data Exfiltration

• Insider Threat Blog
Alex Pickering

One of our goals at the CERT National Insider Threat Center (NITC) is to monitor the shifting landscape of insider threat to identify tools and techniques insiders may use to harm to their organization. Our expanding repository of insider incidents shows that the tools and techniques insiders use to exploit vulnerabilities change rapidly as new technologies emerge and organizations evolve how they protect their assets. This blog post will look at the emergence of technologies...

Read More