CERT-SEI
CERT Insider Threat Blog

"Spotlight On: Insider Threat from Trusted Business Partners" Article Revised and Released

By CERT Insider Threat Center on 11/02/2012 | Permalink

Hello, this is Todd Lewellen of the CERT Insider Threat Center. We are excited to announce that a revised version of our Spotlight On: Insider Threat from Trusted Business Partners article has been released. It has been almost three years since the first version of this article was published. During that time, our collection of insider threat case data has grown significantly. Specifically, we have collected 30 additional cases involving trusted business partners (TBPs) alone, which increased our sample population from 45 to 75 cases. Some of these case examples have been included in the new revision of the article.

We split TBP cases into two categories: (1) individual TBPs and (2) organizational TBPs. Individual TBPs are contractors, consultants, and temporary employees; whereas organizational TBPs are outsourced companies performing a specific service. In other words, your organization experiences an individual relationship with a TBP when the TBP is directly managed as if he or she is one of your own personnel. Your organization experiences an organizational relationship when that TBP is another organization that manages its own personnel. These two relationships are described in further detail in the revised article.

With the new data from our 30 additional cases, many of our initial conclusions in the first version of the article were reinforced. In addition, a few new observations came to light. For example, between the first version’s publication in February 2010 and the newest revision, we saw many more organizational TBPs who used unauthorized access channels to perpetrate their malicious acts. In general, we saw an overall increase in the number of attacks caused by organizational TBPs as opposed to individual TBPs. These are just two small but distinctly important new findings; the article yields several more.

One exciting addition to the new revision is a comparison between TBP insiders and traditional “non-TBP” insiders. To fully understand the insider threat problem in the context of TBP relationships, we believe it is incredibly useful to understand the similarities and differences that offending TBPs share with your own hired staff.

We invite you to reconsider, reassess, and reeducate yourself on threats posed by your trusted business partners. You can find the updated and revised article under the “What’s New” section of our Insider Threat page.

Topics: Insider Threat