Insider Threat: Emerging Risks

Organizations Must Watch for Outsiders Manipulating Insiders

By , May 1, 2012.
Insider Threat: Emerging Risks

For years, people have been concerned about malicious insider threats. But an emerging trend to pay attention to is the malicious outsider taking advantage of an inadvertent insider, says Dawn Cappelli of Carnegie Mellon University.

See Also: Don't Be The Next OPM: Recognizing Risk

Cappelli, along with Randy Trzeciak, both leaders with the CERT Program at Carnegie Mellon's Software Engineering Institute, recently wrote the book, "The CERT Guide to Insider Threats," which focuses on the top internal risks at organizations.

And out of their research came the emerging trend of the inadvertent insider. "A few years ago we started realizing that inadvertent insider threats were becoming a problem, but those were mainly cases where people forgot a laptop somewhere that had confidential information it, or data leakage problems," Cappelli says in an interview with Information Security Media Group's Tom Field [transcript below].

The challenge Cappelli now sees is the outsider using inadvertent insiders to get inside networks. "That's a new strategic direction that my team is now working on," she says.

"It's going to be important for organizations to recognize ... the unintentional, and try to determine if there are controls that can be effective both against the intentional insider in an organization as well as the unintentional insider," says Trzeciak.

In an exclusive interview on the insider threat, Cappelli and Trzeciak discuss:

  • The evolution of the insider threat;
  • Key trends to watch in 2012;
  • Advice on how organizations can protect themselves.

Cappelli, CISSP, is Technical Manager of the Insider Threat Center and the Enterprise Threat and Vulnerability Management team in the CERT Program at Carnegie Mellon University's Software Engineering Institute. Her team's mission is to assist organizations in improving their security posture and incident response capability by researching technical threat areas; developing information security assessment methods and techniques; and providing information, solutions and training for preventing, detecting, and responding to illicit activity. Her team members are domain experts in insider threat and incident response, and team capabilities include threat analysis and modeling; development of security metrics and assessment methodologies; and creation and delivery of training, courses, and workshops. Dawn has 30 years of experience in software engineering, including programming, technical project management, information security, and research. She is often an invited speaker at national and international venues, is an adjunct professor in Carnegie Mellon's Heinz College of Public Policy and Management and is currently Vice-Chair for the CERT Computer Security Incident Handler Certification Advisory Board.

Trzeciak is currently a senior member of the technical staff at CERT. He is the technical team lead of the Insider Threat Research team; a team focusing on insider threat research; threat analysis and modeling; assessments; and training. Randy has over 20 years experience in software engineering; database design, development, and maintenance; project management; and information security. Before joining Carnegie Mellon University, Randy worked for Software Technology Incorporated, in Alexandria VA, as a consultant to the Naval Research Laboratory (NRL). He also is an adjunct professor at Carnegie Mellon's Heinz College, Graduate School of Information Systems and Management. Randy holds an MS in Management from the University of Maryland and a BS in Management Information Systems and a BA in Business Administration from Geneva College.

TOM FIELD: To get started, why don't you each introduce yourself, starting with you Dawn. Tell us a little bit about your current work and then we'll talk about the book.

DAWN CAPPELLI: I'm the technical manager of the Enterprise Threat and Vulnerability Management team in the CERT program, which is part of the Software Engineering Institute at Carnegie Mellon University. Part of my team is to serve insider threat centers, so for the past ten years my team has been researching insider threats.

FIELD: Randy, perhaps you could tell us a little bit about yourself.

RANDY TRZECIAK: I'm a technical team lead for the Insider Threat Research Group within the Insider Threat Center. I've been working with Dawn for the past six-plus years on the insider threat problem and, again, from a standpoint of trying to identify what organizations can do to better prevent, detect or respond to insider activity in their organizations.

Follow Jeffrey Roman on Twitter: @gen_sec

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Tech Start-Up Slack Technologies Hacked

Slack Technologies, a tech start-up that offers a group chat tool, announces it's rolling out...

Latest Tweets and Mentions

ARTICLE Tech Start-Up Slack Technologies Hacked

Slack Technologies, a tech start-up that offers a group chat tool, announces it's rolling out...

The ISMG Network