Insider Threat Research
The CERT Insider Threat Center is uniquely positioned as a trusted broker to directly assist the community in the short term as well as contribute long term through our ongoing research. CERT researchers also develop and conduct assessments and workshops and maintain a blog.
We have been researching insider threats since 2001 in partnership with the Department of Defense, the Department of Homeland Security, the U.S. Secret Service, other federal agencies, the intelligence community, private industry, academia, and the vendor community. Some of this research includes:
- Collecting insider threat cases (now numbering over 1,000) and examining them from technical and behavioral perspectives
- Creating controls that can be used for preventing, detecting, and responding to insider incidents
- Analyzing cases to help private industry, government, and law enforcement better understand, detect, and possibly prevent harmful insider activity
- Formulating and publishing best practices for mitigating insider threats
- Identifying unique patterns of insider threat behavior, including intellectual property (IP) theft, IT sabotage, fraud, espionage, and unintentional insider incidents
- Combining modeling and simulation and empirical data to illustrate the complexity of the insider threat
Much of our research draws on a database of hundreds of real insider threat cases we've collected from news media, industry reports, and other public sources. Once segmented and coded, the data drives anonymized, custom studies of many aspects of the insider threat problem.
The Insider Threat team collaborated with the U.S. Secret Service and CSO Magazine to conduct, analyze, and publish findings from an annual Cybersecurity Watch Survey. The survey was conducted to identify electronic crime fighting developments and techniques, including best practices and emerging trends.
Help Combat Insider Threats
The Insider Threat Center is always seeking new opportunities to understand and mitigate the insider threat.