
Insider Threat (new)

Created August 2019

Insiders, whether maliciously or not, pose a significant threat to organizations’ security. The 2016 U.S. State of Cybercrime Survey found that 27% of electronic crimes were suspected or known to be caused by insiders. The survey also revealed that 30% of the respondents thought that damage caused by insider attacks was more severe than damage caused by outsider attacks.

Because insiders know their organization’s policies, procedures, and technology, they have a significant advantage over external attackers. Insider incidents occur in all organizational sectors, often causing significant damage. These incidents include national security espionage; modifying or stealing confidential or sensitive information for personal gain; stealing trade secrets or customer information to be used for business advantage or to give to a foreign government or organization; sabotaging the organization’s data, systems, or networks; unintentionally exposing organizational critical assets to external adversaries; or causing physical harm in a workplace violence incident.

Dealing with insider threats requires a different strategy from other cybersecurity challenges because their inherent nature is different. CERT researchers are devoted to combating all types of cybersecurity issues, including insider threats. The approaches our experts developed help you identify potential and realized insider threats in your organization, institute ways to prevent and detect them, and establish processes to deal with them if they do happen.

Tools, Methods, and Services

We’ve studied more than 1,300 cases of fraud, theft of intellectual property, espionage, workplace violence, IT sabotage, and non-malicious insider incidents, and we’ve learned a lot about insider threats and how they tend to evolve over time. We transformed what we’ve learned into an array of offerings to help you defend against insider threats.

Our Insider Threat Vulnerability Assessment helps you identify technical vulnerabilities, business process gaps, management issues, and your organization’s ability to integrate behavior analytics into its threat assessment process. Our Program Development Workshop helps you develop an insider threat program in your organization. If you already have a program, our Insider Threat Program Evaluation helps you determine its effectiveness and identify a roadmap to move beyond minimum standards.

We also offer other tools and information about insider threat program development and mitigation.

Insider Threat Program Development

Insider Threat Mitigation

Blog

We’ve made several publications available to share our research. You can also learn more about our work by reading our blog.

Looking Ahead

We are transforming the Anomaly Detection at Multiple Scales (ADAMS) program at DARPA into a National Insider Threat Center, creating a capability across the DoD, U.S. government, law enforcement, industry, and academia to perform research, develop potential insider anomaly detection capabilities, evaluate insider threat solutions, and provide training for all members of an insider threat program team.

Managed by expert researchers at the Software Engineering Institute, this national center will combine subject-matter expertise, scientific rigor, and a wide range of partners and stakeholders to significantly advance the state of the art in insider threat prevention, detection, response, and training.

Common Sense Guide to Mitigating Insider Threats, Sixth Edition


February 27, 2019 Technical Report
Michael C. Theis, Randall F. Trzeciak, Daniel L. Costa

The guide presents recommendations for mitigating insider threat based on the CERT Division's continued research and analysis of more than 1,500 insider threat cases.

CERT Insider Threat Center


November 22, 2017 Brochure
CERT Insider Threat Center

This booklet describes the CERT Insider Threat Center's purpose, products, and services, including assessments, workshops, courses, and certificate programs.

How to Build an Effective Insider Threat Program to Comply With the New NISPOM Mandate


July 15, 2016 Webinar
Randall F. Trzeciak

In this webinar, Randy Trzeciak, Technical Manager of the CERT Insider Threat Center, summarized the new requirements mandated by NISPOM Change 2 and the impact they will have on DoD contracting organizations.

The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud)


January 24, 2012 Book
Dawn M. Cappelli, Andrew P. Moore, Randall F. Trzeciak

In this book, the authors present best practices for managing the security and survivability of people, information, technology, and facilities.


Related Courses

Insider Threat Program Evaluator (ITPE) Certificate Package

Students who wish to purchase the certificate program package (two eLearning courses, classroom course, certificate exam) will receive a discount from the total cost. The program packages correspond with scheduled classroom course dates, so select the program package that best meets your scheduling needs. The Insider Threat Program Evaluator...


Insider Threat Program Manager (ITPM) Certificate Package

Students who wish to purchase the certificate program package (two eLearning courses, classroom course, certificate exam) will receive a discount from the total cost. The program packages correspond with scheduled classroom course dates, so select the program package that best meets your scheduling needs. The Insider Threat Program Manager...
