New CERT ‘Common Sense Guide to Mitigating Insider Threats’ Released

Did you know that cyberattacks from employees and other insiders are a common problem that you should be planning for and preventing?

Insiders pose a substantial threat to your organization because they have the knowledge and access to proprietary systems that allow them to bypass security measures through legitimate means.

The nature of insider threats is different from other cybersecurity challenges; these threats require a different strategy for preventing and addressing them.

At the CERT Insider Threat Center at Carnegie Mellon’s Software Engineering Institute (SEI), we are devoted to combatting cybersecurity issues.


Our research has uncovered information that can help you identify potential and realized insider threats in your organization, institute ways to prevent them, and establish processes to deal with them if they do happen.

As part of those efforts, CERT has released the fifth edition of the Common Sense Guide to Mitigating Insider Threats, which is available for download on the SEI website.

The Guide describes 20 practices that organizations should implement across the enterprise to prevent and detect insider threats, as well as case studies of organizations that failed to do so.

“The new edition of the Guide comes at a critical time for organizations developing insider threat programs,” said Randy Trzeciak, technical manager of the CERT Insider Threat Center.

“The insider threat landscape has changed considerably since the previous edition, especially with new directives that government and government-contractor organizations must follow.”

Updates to the Guide reflect the movement of government and private organizations toward the startup of insider threat programs.

Changes include:

  • Reordering of best practices to better align with the development of insider threat programs
  • Recognizing the threat posed by non-malicious (accidental) insiders
  • Significant updates to best practices
  • One new practice
  • New case studies for each best practice

This edition also focuses on six groups within an organization—Human Resources, Legal, Physical Security, Data Owners, Information Technology, and Software Engineering—and maps the relevant groups to each practice.


The threat of attack from insiders is real and substantial.

The 2016 U.S. State of Cybercrime Survey, sponsored by the CERT Insider Threat Center, United States Secret Service, CSO Magazine, and PWC, found 27% of electronic crime events were suspected or known to be caused by insiders.

The survey also revealed that 30% of the respondents thought that damage caused by insider attacks was more severe than damage from outsider attacks.

“The Guide lays out the practices that organizations should consider in identifying their critical assets and protecting them from malicious and unintentional insider threats,” said Trzeciak. “It’s the first step an organization should take in a continuum that includes program building, manager and staff training, and organizational insider threat assessments.”

The Software Engineering Institute (SEI) is a federally funded research and development center sponsored by the U.S. Department of Defense and operated by Carnegie Mellon University.

The SEI works with organizations to make measurable improvements in their software engineering capabilities by providing technical leadership to advance the practice of software engineering.

The CERT Cybersecurity Division of the SEI is the world’s leading trusted authority dedicated to improving the security and and networks and a national asset in the field of cybersecurity.