Governance & Risk Management
2014 State of the Insider Threat
More than half of surveyed organizations say they have experienced an insider incident, and 53 percent say insider attacks are more damaging than those launched externally. So, what can security leaders do to get a better handle on the insider threat in 2014? Join this expert panel, led by Michael Theis of the CERT Insider Threat Center at the Carnegie Mellon University Software Engineering Institute, for the latest insight and strategies on:
- The unintentional insider threat;
- Insider threats in the cloud;
- Best practices for insider threat mitigation.
From the malicious insider to the innocent employee who makes a costly mistake, the insider threat comes in many flavors, and organizations need security controls in place to monitor for signs of fraud, intellectual property theft and sabotage.
As defined by the CERT Insider Threat Center within the Software Engineering Institute at Carnegie Mellon University, a malicious insider threat is "a current or former employee, contractor or other business partner who has or had authorized access to an organization's network, system or data and intentionally exceeded or misused that access in a manner that negatively affected the confidentiality, integrity or availability of the organization's information or information systems."
Since 2001, the Insider Threat Center at CERT has conducted research into the threats posed by insiders and has gathered data on hundreds of cases of actual malicious insider incidents, including IT sabotage, fraud, theft of confidential or proprietary information, espionage and potential threats to the critical infrastructure of the United States.
Most recently, the Insider Threat Center has studied the unintentional insider threat, defined as (1) a current or former employee, contractor, or business partner (2) who has or had authorized access to an organization's network, system, or data and who, (3) through action or inaction without malicious intent, (4) causes harm or substantially increases the probability of future serious harm to the confidentiality, integrity, or availability of the organization's information or information systems."
In the course of this panel discussion, we will review the latest research and case studies on:
- Top malicious and inadvertent insider threats to organizations;
- How the insider threat manifests in the cloud;
- Strategies and solutions to help prevent insider fraud, sabotage & intellectual property theft.