NATIONAL INSIDER THREAT SPECIAL INTEREST GROUP INSIDER THREAT INCIDENTS REPORTS EMAGAZINE NEWS

INSIDER THREAT INCIDENTS RESEARCH REPORTS

The NITSIG, in conjunction with the Insider Threat Defense Group, has researched and analyzed over 6000 Insider Threat incidents over 13 years.

These EYE OPENING monthly reports show just how serious the Insider Threat problem is, and the very costly and damaging impacts to organizations of all types and sizes.

The SEVERE IMPACTS Can Be Caused By:
Just 1 Employee
Multiple Employees In Collusion
Employees In Collusion With External Co-Conspirators

Managing Employee Threats In An Organization Is More Than Just Dealing With:
Employee Dissatisfaction
Employee To Employee Relationship Problems
Employee To Supervisor Relationship Problems
Negative Performance Reviews
Diversity Problems
Suspicious Technical Behaviors
Preventing Sexual Harassment, Workplace Violence

There are many other types of Malicious Actions caused by employees who may be very disgruntled that can be very damaging and have very serious impacts to an organization.

Examples:
Financial Loss (Trade Secrets, Data Theft, Embezzlement)
Operational Impact For The Organization To Execute Its Mission (IT, Network Sabotage, Data Destruction, Sabotage To Facility, Etc.)
Legal Compliance Liability Impacts
Stock Price Reduction
Employees Lose Jobs, Company Goes Out Of Business
And More

CISA Insider Threat Types Chart

CERT Insider Threat Chart: Threats Vs Damages

Employees Looking To Live Extravagant Lifestyles
NITSIG research also indicates many employees may not be disgruntled, but have other motives such as financial gain to live a better lifestyle, etc.

You might be shocked as to what employees do with the money they steal or embezzle from organizations and businesses, and how many years they got away with it until they were caught (1 To 20 Years).

What Do Employees Do With The Money They Embezzle / Steal From Federal / State Government Agencies, Businesses, Or With The Money They Receive From Bribes / Kickbacks?

They Have Purchased:
Vehicles, Collectible Cars, Motorcycles, Jets, Boats, Yachts, Jewelry, Properties, Businesses

They Have Used Company Funds / Credit Cards To Pay For:
Rent, Leasing Apartments, Furniture, Monthly Vehicle Payments, Credit Card Bills, Lines Of Credit, Child Support, Student Loans, Fine Dining, Wedding, Anniversary Parties, Cosmetic Surgery, Designer Clothing, Tuition, Travel, Renovate Homes, Auto Repairs, Fund Shopping / Gambling Addictions, Fund Their Side Business / Family Business, Buying Stocks, Firearms, Ammunition, Camping Equipment, Pet Grooming, And More

They Have Issued Company Checks To:
Themselves, Family Members, Friends, Boyfriends / Girlfriends

These reports will give the reader a comprehensive view of the Actual Malicious Actions employees are taking against their employers.

Many CEOs, Boards and C-Suites have taken a much more aggressive approach for detecting and mitigating Insider Threats after reading these reports, as they provide the justification, return on investment, and support the funding approvals needed for developing, implementing, managing or optimizing an Insider Threat Program.

Even if an organization is not required to implement an Insider Threat Program, these reports provide valuable insights as to why organizations should be more concerned with employee threat identification and mitigation.

INSIDER THREAT INCIDENTS REPORTS
Produced Monthly By:
National Insider Threat Special Interest Group (NITSIG)
Insider Threat Defense Group

The incidents listed in these reports on the links below provide EYE OPENING EXAMPLES of the many different types of Insider Threats and the SEVERE IMPACTS.

These incidents are caused by JUST 1 EMPLOYEE, or by MULTIPLE EMPLOYEES, or by EMPLOYEES WORKING WITH EXTERNAL CO-CONSPIRATORS.

If you would like to be notified when the NITSIG releases the monthly Insider Threat Incidents Reports and other related information, please send an email to:

jimhenderson@nationalinsiderthreatsig.org

Download Reports (No Registration Required)

Insider Threat Incidents Report For July 2021
Insider Threat Incidents Report For August 2021
Insider Threat Incidents Report For September 2021
Insider Threat Incidents Report For October 2021
Insider Threat Incidents Report For November 2021
Insider Threat Incidents Report For December 2021
Insider Threat Incidents Report For January 2022
Insider Threat Incidents Report For February 2022
Insider Threat Incidents Report For March 2022
Insider Threat Incidents Report For April 2022
Insider Threat Incidents Report For May 2022
Insider Threat Incidents Report For June 2022
Insider Threat Incidents Report For July 2022
Insider Threat Incidents Report For August 2022
Insider Threat Incidents Report For September 2022
Insider Threat Incidents Report For October 2022
Insider Threat Incidents Report For November 2022
Insider Threat Incidents Report For December 2022
Insider Threat Incidents Report For January 2023
Insider Threat Incidents Report For February 2023
Insider Threat Incidents Report For March 2023
Insider Threat Incidents Report For April 2023
Insider Threat Incidents Report For May 2023
Insider Threat Incidents Report For June 2023
Insider Threat Incidents Report For July 2023
Insider Threat Incidents Report For August 2023
Insider Threat Incidents Report For September 2023
Insider Threat Incidents Report For October 2023
Insider Threat Incidents Report For November 2023
Insider Threat Incidents Report For December 2023
Insider Threat Incidents Report For January 2024
Insider Threat Incidents Report For February 2024
Insider Threat Incidents Report For March 2024
Insider Threat Incidents Report For April 2024
Insider Threat Incidents Report For May 2024
Insider Threat Incidents Report For June 2024
Insider Threat Incidents Report For July 2024
Insider Threat Incidents Report For August 2024
Insider Threat Incidents Report For September 2024
Insider Threat Incidents Report For October 2024
Insider Threat Incidents Report For November 2024
Insider Threat Incidents Report For December 2024
Insider Threat Incidents Report For January 2025
Insider Threat Incidents Report For February 2025
Insider Threat Incidents Report For March 2025
Insider Threat Incidents Report For April 2025
Insider Threat Incidents Report For May 2025

NITSIG Insider Threat Incidents Report Up To 2017

US GOVERNMENT INSIDER THREAT INCIDENTS REPORT FOR 2020 TO 2024
Produced By:
National Insider Threat Special Interest Group (NITSIG)
Insider Threat Defense Group

The NITSIG was contacted by Senator Joni Ernst's office in December 2024, and a request was made to write a report about Insider Threats in the US Government (USG) for the Department Of Government Efficiency (DOGE).

This report is intended to provide DOGE with an in-depth look at the magnitude of the Insider Threat problems. How can the US Government be run 1) Efficiently, 2) Effectively, and 3) Within Budget, when US Government employees and contractors are taking malicious actions that will impede these 3 objectives?

There has been a long-standing and continuing problem of US Government employees, and employees supporting the government, who have intentionally committed theft, fraud, embezzlement, taken bribes and also received kickbacks related to US Government contracting. Some employees may not be disgruntled / malicious, but have other opportunist motives, such as living a lifestyle beyond their means.

This report covers the time period of 2020 to 2024. The Insider Threat goes beyond the previous president's administration and has apparently been an acceptable norm until the DOGE was stood up in 2025.

This report will reveal that many USG employees and contractors have been sentenced to prison. Others have been arrested, been charged, pleaded guilty or are awaiting further legal action to be taken. (See Pages 6118 For Incidents)

The large amount of theft, fraud and embezzlement within the US Post Office, DoD and the Veterans Administration is very concerning, as reflected in this report.

Download Report (No Registration Required)

DEPARTMENT OF DEFENSE INSIDER THREAT INCIDENTS REPORT FOR 2024
Produced By:
National Insider Threat Special Interest Group
Insider Threat Defense Group

Report Overview
Insider Threat incidents within the Department Of Defense (DoD) (US Army, Navy, Air Force, Marines) are not just related to espionage, the unauthorized distribution of classified information to foreign governments or other individuals, or the prevalence of extremist ideology and behaviors.

The traditional norm or mindset that DoD employees just steal classified information or other sensitive information is no longer the case. There continues to be an increase within the DoD of financial fraud, contracting fraud, bribery, kickbacks, theft of DoD physical assets, etc. This is very evident in the research that has been conducted by the NITSIG, and previously published in the monthly Insider Threat Incidents Reports.

While some employees may display behavioral indicators of concerns, some may not. Other employees are apparently motivated by human greed, the need for more money, or the opportunity to live a lifestyle of luxury at the expense of the DoD. Perpetrators have used DoD money for: Investment Ventures, To Pay Debts, Jewelry, Clothing, Vehicles, Real Estate, Vacations and more.

DoD organizations have invested millions of dollars in securing their data, computers and networks against Insider Threats from primarily a technical perspective, using Network Security Tools or Insider Threat Detection Tools. But the Insider Threat problem is not just a technical problem.

The intent of this report is to provide a more holistic view of various types of Insider Threat incidents within the DoD.

This report should be used as an awareness and educational tool to gain additional support and funding from senior leaders for an Insider Threat Program (ITP).

This report also serves as an excellent Insider Threat Awareness Tool to educate key stakeholders supporting an ITP, and to educate DoD employees on the importance of reporting employees who may pose a risk or threat to the organization.

Download Report (No Registration Required)


INSIDER THREAT INCIDENTS SPOTLIGHT REPORT FOR 2023
Produced By:
National Insider Threat Special Interest Group
Insider Threat Defense Group

This comprehensive EYE OPENING report provides a 360 DEGREE VIEW of the many different types of malicious actions employees have taken against their employers.

This is the only report produced that provides clear and indisputable evidence of how very costly and damaging Insider Threat incidents can be to organizations of all types and sizes (US Government, Private Sector).

The many examples listed in this report clearly substantiate the need to enhance security controls (Non-Technical, Technical) to detect and mitigate Insider Risks / Threats, or the importance of implementing an Insider Risk Management Program for an organization.

Taking a PROACTIVE rather than REACTIVE approach is critical to protecting your organization from employee risks / threats.

Download Report (No Registration Required)

OTHER SOURCES FOR INSIDER THREAT INCIDENTS NEWS
Produced By NITSIG, Insider Threat Defense Group (ITDG)

Insider Threat Incidents E-Magazine On Flipboard (Updated Daily)
Largest Publicly Available Source Of Insider Threat Incidents (6000)
View On The Link Below Or Download The Flipboard App To View On Your Mobile Device

NITSIG Workplace Violence Incidents E-Magazine
View On The Link Below Or Download The Flipboard App To View On Your Mobile Device

NITSIG Group On LinkedIn (Request Access)
The NITSIG has created a LinkedIn Group for individuals that are interested in sharing and gaining in-depth knowledge regarding Insider Threat Mitigation and Insider Threat Program Management, and to also share the latest news, upcoming events and information.
Join Group

NITSIG, ITDG Insider Threat Incidents News On Twitter (Updated Daily)
Follow Us On Twitter: InsiderThreatDG

Insider Threat Defense Group Website
Examples Of Many Different Types Of Insider Threat Incidents

Defense Counterintelligence Security Agency Insider Threat Case Studies

Older Insider Threat Reports, Surveys For Reference (1999 To 2018)
Some Reports, Surveys Below Contain No Source Links Because Content Has Been Removed From Website

Global Study Reveals Majority Of Visual Hacking Attempts Are Successful

Organizations around the world are at risk of sharing highly sensitive information through visual hacking in business office environments.

This risk was revealed in the 2016 Global Visual Hacking Experiment, an expansion of the 2015 Visual Hacking Experiment conducted in the United States by Ponemon Institute and sponsored by 3M Company.

The global study included trials in China, France, Germany, India, Japan, South Korea and the United Kingdom. The combined results found that sensitive information was successfully captured in 91% of visual hacking attempts globally.

Experiment Results

The experiments involved 157 trials with 46 participating companies across the eight countries. They exposed low-tech hacking methods as a significant risk to corporations around the world. The findings revealed that organizations need to create awareness among employees on protecting data displayed on device screens, as 52% of the sensitive information captured during the experiments came from employee computer screens.

In the experiments, a White Hat Visual Hacker (WHVH) assumed the role of temporary office worker and was assigned a valid security badge worn in visible sight. The WHVH attempted to visually hack sensitive or confidential information using three methods:

Walking through the office scouting for information in full view on desks

Observing computer monitor screens and other indiscrete locations like printers and copy machines

Taking a stack of business documents labeled as confidential off a desk and placing it into a briefcase

Using a smartphone to take a picture of confidential information displayed on a computer screen

All of the methods above were completed in front of other office workers at each participating company. In 68% of the hacking attempts, office personnel did not question or report the visual hacker, even after witnessing unusual or suspicious behavior.

DoD PERSEREC Report: A Strategic Plan To Leverage The Social & Behavioral Sciences To Counter the Insider Threat (2018)
In 2016, the Office of the Under Secretary of Defense for Intelligence partnered with the Defense Personnel and Security Research Center (PERSEREC) to design a comprehensive research plan and strategy to integrate the social and behavioral sciences (SBS) into the DoD counter-insider threat mission space.

PERSEREC completed 59 interviews with 66 SMEs who represented 45 organizations: 10 private sector companies, nine Defense Agencies, nine non-DoD federal agencies, seven federally funded research and development centers (FFRDC) and university affiliated research centers (UARC), four military Services, four DoD Field Activities, one Defense Joint Activity, and one Combatant Command.

Aviation Insider Threat Team Report (2018)


Ponemon Institute Study: The True Cost of Insider Threats Revealed (2018)
This global study reports on what companies have spent to deal with a data breach caused by a careless or negligent employee or contractor, criminal or malicious insider, or a credential thief. While the negligent insider is the root cause of most breaches, the bad actor who steals employees' credentials is responsible for the most costly incidents.

The first study on the cost of insider threats was conducted in 2016 and focused exclusively on companies in the United States. In this year's benchmark study, 717 IT and IT security practitioners in 159 organizations in North America (United States and Canada), Europe, Middle East and Africa, and Asia-Pacific were interviewed.

According to the research, if the incident involved a negligent employee or contractor, companies spent an average of $283,281. The average cost more than doubles if the incident involved an imposter or thief who steals credentials ($648,845). Hackers cost the organizations represented in this research an average of $607,745 per incident.

Ponemon Institute concludes that companies need to intensify their efforts to minimize the insider risk because of rising costs and frequency of incidents. Since 2016, the average number of incidents involving employee or contractor negligence has increased from 105 to 134. The average number of credential theft incidents has tripled over the past two years, from 10 to 29. In addition, these incidents are not resolved quickly. Our analysis revealed that it took the companies in our study more than two months on average to contain an insider incident. Only 16 percent of incidents were contained in less than 30 days.

Insider Threat Survey (2018)

This research is based on the results of a comprehensive online survey of 472 cybersecurity professionals to gain deep insight into the insider threat faced by organizations, and the solutions to detect, remediate and prevent it. The respondents range from technical executives to managers and IT security practitioners, representing organizations of varying sizes across all industries.

Highlights
90% of organizations feel vulnerable to insider attacks. The main enabling risk factors include too many users with excessive access privileges (37%), an increasing number of devices with access to sensitive data (36%), and the increasing complexity of information technology (35%).

A 53% majority have confirmed insider attacks against their organization in the previous 12 months (typically less than five attacks). 27% of organizations say insider attacks have become more frequent.

Organizations are shifting their focus on detection of insider threats (64%), followed by deterrence methods (58%) and analysis and post breach forensics (49%). The use of user behavior monitoring is accelerating: 94% of organizations deploy some method of monitoring users and 93% monitor access to sensitive data.

The most popular technologies to deter insider threats are Data Loss Prevention (DLP), encryption, and identity and access management solutions. To better detect active insider threats, companies deploy Intrusion Detection & Prevention Solutions (IDPS), log management and SIEM platforms.

The vast majority (86%) of organizations already have or are building an Insider Threat Program. 36% have a formal program in place to respond to insider attacks, while 50% are focused on developing their program.


Harvey Nash, KPMG Global Survey Of 4500 CIOs, Tech Leaders: Insider Threat Fastest Growing Threat (2017)

External Hackers are not the only threat your business or organization may be facing. One of your biggest risks comes from your own employees. This survey finds that the insider threat problem is the fastest-growing one of all.

Hiscox Embezzlement Study (2017)
To find out who's stealing from small businesses, Hiscox examined publicly available data on US federal court activity related to employee fraud. Perhaps surprisingly, it turns out that women embezzle more frequently than men do, though only by a small percentage. The median age of this kind of criminal is 48 years old, and they most likely work in a finance or accounting role.

Another surprising fact is that instances of embezzlement at companies of all sizes may last longer than you might think. Statistics showed that more than a quarter of embezzlements take place for longer than five years.

While all companies face the risk of embezzlement, those that are smaller in size report the crime's occurrence more frequently. Small businesses cope with unique struggles. For instance, a small company is more likely to hire one person to handle its money-based operations like accounting or payroll, because it really doesn't need several people for this position. However, if this one person decides to embezzle from the company, it's much easier for him or her to hide it. To fly under the security that many companies have in place to prevent financial loss, many embezzlers engage in long-running schemes.

Employee theft schemes often go on for five years or more, with the longest one reported spanning 41 years. Embezzlers get away with long-running financial schemes like these by stealing small amounts, making it tough for companies to spot them. Small losses add up, however. The average loss for long-running scams that lasted for five years or longer came to 22 million. In schemes that lasted 10 years or more, the average amount lost to embezzlers was 54 million. While financial theft happens more often in small companies, large businesses suffer higher median losses.


Government Accountability Office Report: 24 Agencies Still Struggle With IT Security Weaknesses (2017)
Highlights

Two dozen federal agencies continue to experience security weaknesses in five critical areas, which puts government systems and data at risk, according to a new watchdog agency report.

The Government Accountability Office says in its new report, titled Weaknesses Continue To Indicate Need for Effective Implementation of Policies and Practices, that during fiscal 2016 the agencies continued to experience weaknesses in protecting their information and information systems due to ineffective implementation of information security policies and practices.

Most of the agencies that the GAO reviewed had weaknesses in five control areas, including access controls, configuration management controls, segregation of duties, contingency planning and agency wide security management, the report notes.

The problems have been recurring issues for many of the agencies, the report adds.

Yet evaluations by the GAO and agency inspectors determined that most agencies did not have effective Information Security Programs, the report notes.

The watchdog agency adds that it did not make any new recommendations to address the issues because GAO and agency inspector generals have made hundreds of recommendations to address these security control deficiencies, but many have not yet been fully implemented.

Until agencies correct longstanding control deficiencies and address the previous recommendations, federal IT systems will remain at increased and unnecessary risk of attack or compromise. We continue to monitor the agencies' progress on those recommendations.

NITSIG Note

A robust and effective Insider Threat Program requires that organizations have an effective Security Information Information Systems Security Program.

Weak Governance And Security: Exploitable Weaknesses By Insiders

It Starts At The Top Of An Organization (Lack Of Understanding Insider Threat Risks At Corporate Level)

Poor Communication Between Critical Business Departments (HR, IT, Security) And Supervisors Regarding Employee Trustworthiness / Threat

Poor Facility Security Controls (Facility Access, Facilities Bag Checks In / Out, No BYOD Policy, Electronic Device Policy)

Poor Governance (Lack Of Security Policies, Procedures, No Sanctions For Security Policy Violations)

Poor Organizational Security Culture (Weak Or Absent Security Briefings For New Hires, Contractors)

Poor Personnel Management Practices (Pre-Employment Screening, Position Re-Assignment, Employee Continuous Monitoring For Trustworthiness, Separation / Termination Procedures, Etc.)

Lack Of Identifying / Protecting Crown Jewels, Intellectual Property

Lack Of Secure Configurations For Information Systems (Workstations, Servers)

Lack Of Secure Configurations For Software Applications

Lack Of IT Configuration Management

Lack Of User Activity Monitoring For IT Networks

Lack Of Cyber Threat, Insider Threat Awareness Training For Employees

Lack Of Insider Threat Risk Mitigation Training For IT / Network Security Professionals

Poor Practices Related To The Acquisition Of Hardware, Software (Are Security Risks Addressed?)

Poor Practices Related To The Use Of Outside IT Contracting Services And Other Contracting Services (When Outsiders Become Insiders)

Measurable Damage From Data Breaches: Cisco Report (2017)
Highlights
A business should pay close attention to a 2017 report that was released from Cisco concerning damages from data breaches. The report provides insights based on threat intelligence gathered by Cisco's security experts, combined with input from nearly 3000 Chief Security Officers (CSOs) and other security operations leaders from businesses in 13 countries.

According to the Cisco report, for organizations that suffered a breach, the effect was substantial: 22% of breached organizations lost customers (40% of them lost more than a fifth of their customer base); 29% lost revenue, with 38% of that group losing more than a fifth of their revenue; and 23% of breached organizations lost business opportunities, with 42% of them losing more than a fifth of such opportunities.


DoD PERSEREC Report: The Expanding Spectrum Of Espionage By Americans, 1947-2015
Highlights
This report is the fourth in the series on espionage by Americans that the Defense Personnel and Security Research Center (PERSEREC) began publishing in 1992. The current report updates the scope of earlier work by including recent cases, and it extends the scope by exploring related types of espionage in addition to the classic type.

There Are 3 Parts Of The Report

Part 1: Presents findings on characteristics of Americans who committed espionage-related offenses since 1947. The findings are based on analyses of data collected from open sources.

Part 2: Explores the five types of espionage committed by the 209 individuals in this study: classic espionage, leaks, acting as an agent of a foreign government, violations of export control laws, and economic espionage. Each type is described by its legal bases, examples of cases, and comparisons with the other types of espionage are provided.

Part 3: Considers the impact of the context in which espionage takes place, and discusses two important developments: 1) information and communications technologies (ICT), and 2) globalization.




Defending Against the Wrong Enemy: SANS Insider Threat Survey (2017)
Highlights

Organizations Recognize The Importance Of Insider Threat
Survey results are very promising in that they indicate organizations recognize insider threat as the most potentially damaging component of their threat environments. Interestingly, there is little indication that most organizations have realigned budgets and staff to coincide with that recognition.

Losses Due To Insider Threat Are Largely Unknown
Relatively few respondents were able to quantify either real or potential losses due to insider threat. Organizations often do not spend money in a critical area if they cannot quantify the losses. This could explain why insider threat is a concern but not a primary focus.

Incident Response Is Not Focused Primarily On The Insider
Despite recognition of insiders as a common and vulnerable point of attack, fewer than 20% of respondents reported having a formal incident response plan that deals with insider threat. The primary focus of incident response is to recover from an adverse event. Incident response plans that are focused on external threats might explain why many organizations struggle to respond to incidents involving insiders.

Detection Of Insider Threat Is Still Not Effective
More than 60% of the respondents claimed they have never experienced an insider threat attack. This result is very misleading. It is important to note that 38% of the respondents said they do not have effective ways to detect insider attacks, meaning the real problem may be that organizations are not properly detecting insider threats, not that they are not happening.

Organizations Must Deal With Both Malicious And Accidental Insider Threats
When most people hear the term insider threat, they typically think of the malicious insider who is purposely causing harm to an organization. Although this type of insider will always be a concern, the bigger threat to most organizations is the accidental insider, a legitimate user whose login has been stolen or who has been manipulated into giving an attacker access through other means. It is possible that respondents did not consider those compromised insiders as being part of what is considered an insider threat. Respondents to the survey most frequently cited malicious employees (43%) as their biggest concern. It is promising, however, that the accidental or negligent insider is a very close second at 39%, which means organizations are focusing more resources in the correct area.

GAO Report On Insider Threat From Federal Workers (February 14, 2017)

Highlights

The GAO released a report about the Cyber Insider Threat, titled CYBERSECURITY: Actions Needed To Strengthen US Capabilities.

The report points a finger at Insider Threats from federal workers on the government's vast cyber and computer system, joining foreign nations as a danger to sensitive and classified information, and even personal info.

The GAO also declared frustration with the Obama administration in its new report over its failure to implement 1000 security fixes needed to close the door to hackers inside and out. In testimony to Rep. Barbara Comstock's subcommittee in February 2017, Gregory Wilshusen, director of information security issues for GAO, hit the government for failing to act on 1000 of 2500 cybersecurity recommendations it has made.

The GAO report, requested by Rep. Barbara Comstock, the northern Virginia Republican who represents thousands of federal workers, is blunt in its assessment of the threats to cybersecurity.

"Federal systems and networks are also often interconnected with other internal and external systems and networks, including the Internet, thereby increasing the number of avenues of attack and expanding their attack surface," said the report.

"Risks to cyber assets can originate from unintentional and intentional threats. These include insider threats from disaffected or careless employees and business partners, escalating and emerging threats from around the globe, the steady advances in the sophistication of attack technology, and the emergence of new and more destructive attacks," it added, pointing a finger to federal insiders.

Increasing Concern About Insider Threats At US Airports: House Homeland Security Committee Report
February 6, 2017
Highlights
The House Homeland Security Committee Majority Staff has issued a report
entitled "America's Airports: The Threat From Within" that examines employee
screening at the approximately 450 airports in the US under federal
control and found that much more needs to be done to improve the state
of access controls and mitigate the insider threat facing America's
aviation sector.

According to the 21-page report, "Approximately 900000 people work at
these airports, and many are able to bypass traditional screening
requirements that travelers visiting the airports must endure. While the
overwhelming majority of these airport workers take the inherent
responsibility seriously, there are increasing concerns that insider
threats to aviation security are on the rise."

The report, the result of an investigation conducted by Transportation
and Protective Security Subcommittee, continued, "The Subcommittee has
worked closely with the Transportation Security Administration (TSA) and
the aviation stakeholder community to examine how we can work together
to improve access controls and employee screening at our nation's
airports."

"The recommendations outlined in this report, along with the
requirements of the Aviation Employee Screening and Security Enhancement
Act of 2017, which I introduced today, will serve as a roadmap for TSA,
airports and air carriers to close security vulnerabilities at our
nation's airports," Subcommittee Chairman John Katko (R-NY) stated in a
press release about the report.

The Subcommittee found that a majority of airports do not have full
employee screening at secure access points and that these airports are
unable to demonstrate the security effectiveness of their existing
employee screening efforts, which consist largely of randomized
screening by TSA officers or airport law enforcement personnel,
according to the press release.

The report made nine recommendations that include examining the costs
and feasibility of expanded employee screening, educating aviation
workers on their role in mitigating insider threats, targeting the use
of employee screening to be more strategic, and implementing the Federal
Bureau of Investigation's (FBI) RapBack Service for all credentialed
aviation worker populations.

Recent examples of insider threats discussed in the report include an
attempt to detonate a bomb at an airport, gun and drug smuggling, and
employees who became involved in terrorist activities overseas. The
complete "America's Airports: The Threat From Within" report is
available online.

Healthcare Data Breaches Report
January 19, 2017
Highlights
Data breaches in the US healthcare field cost 62 Billion dollars each year.
The average cost of a single data breach across all industries is 4 Million dollars, according to a 2016 study from IBM and Ponemon Institute.
Approximately 90% of hospitals have reported a breach in the past two years, and most breaches are due to employee error.
The average HIPAA settlement fine is approximately 11 Million dollars.
Data Breach notification costs 560000 on average.
Costs affiliated with lawsuits average 88000000.
Post data breach cleanup costs average 44000000.
Healthcare organizations average 50000000 in lost brand value after a data breach, with some estimates reaching 50 Million dollars as an average amount in lost brand value.

Kroll Annual Global Fraud And Risk Report
2016 2017
Highlights
82% of executives surveyed worldwide experienced a fraud incident in the past year, compared to 75% in 2015.
85% of executives reported at least one cyber incident, and over two-thirds reported security incidents.
Fraud, cyber, and security incidents are now the new normal for companies across the world, according to the executives surveyed for the report, highlighting the escalating threat to corporate reputation and regulatory compliance.
Despite widespread concerns about external attacks, the findings reveal that the most common perpetrators of fraud, cyber, and security incidents over the past 12 months were current and former employees.
Six out of ten respondents (60%) who worked for companies that suffered from fraud identified a combination of perpetrators that included current employees, former employees, and third parties. Almost half (49%) said incidents involved all three groups. Junior staff were cited as key perpetrators in two-fifths (39%) of fraud cases, followed by senior or middle management (30%) and freelance or temporary employees (27%). Former employees were also identified as responsible for 27% of incidents reported.
Overall, 44% of respondents reported that Insiders were the primary perpetrators of a cyber incident, with former employees the most frequent source of risk (20%), compared to 14% citing freelance or temporary employees and 10% citing permanent employees.
Adding agents or intermediaries to this Insider group as quasi-employees increases the proportion of executives indicating Insiders as the primary perpetrators to a majority (57%).
Over half of respondents (56%) said Insiders were the key perpetrators of security incidents, with former employees again the most common of these (23%).

KPMG Report: Global Profiles Of The Fraudster
2016
Highlights
According to a recent research report by KPMG, Global Profiles of the
Fraudster, fraud is a global issue. It harms corporate reputations,
costs millions and ruins lives. It's a heavy economic and moral burden
on society. This report analyzed profiles of 750 cybercrooks
investigated by forensic specialists across 81 countries and produced
what it calls the New Face Of Fraud.

Some Of The Interesting Facts From This Report
69% Were Between The Ages of 36 and 55
65% Were Employed By The Company That Was Hacked
35% Were Executives Or Directors
38% Had Been With The Company For At Least Six Years
38% Described Themselves As Well-Respected In Their Company
62% Colluded With Others In Their Crimes

How Is Insider Fraud Accomplished And Why
Creation Of False Or Misleading Information In Accounting Records (24%)
False Or Misleading Information Via Email Or Another Messaging Platform (20%)
Abuse Permissible Access To Computer Systems (13%)
The report highlights technology as one of the key elements involved in white-collar crimes across the globe.
While personal gain was the predominant overriding motivation for committing fraud (60%), the sense of "Because I Can" was third at 27%, according to the report.

US Defense Contract Management Agency: Malicious Or Accidental Insider
Threats Have Caused More Problems In DoD
2015

According to the US Defense Contract Management Agency (DCMA) director
of operations, the Department of Defense has positioned itself quite
strongly against external cyber threats, but malicious or accidental
insider threats have caused more problems. This was largely because
people within agencies largely do what they want and see security as a
form of interference, he said. Additionally, some of the younger
employees have skills to successfully work around security protocols.


Ponemon Institute Reports Employee Negligence Leading Cause of Insider
Threats, Could Cost A Company Up To 15 Million
2015

Employee negligence, which may be caused by multitasking and working
long hours, can result in insider threats and cost companies millions of
dollars each year. It can cost a US company as much as 15 million
and German companies 16 million in time wasted responding to security
incidents caused by human error, according to a new survey of IT and IT
security practitioners in the US and Germany. The survey, commissioned
by Raytheon Websense and independently conducted by the information
security industry leader Ponemon Institute, also revealed that 70
percent of US survey respondents and 64 percent of German respondents
report that more security incidents are caused by unintentional mistakes
than intentional and/or malicious acts.


Mandiant Cybersecurity Firm Reports 100% Of Most Recent Incidents
Involved Some Form Of Insider Threat
2015


Insider Threats To Credit Unions Survey
2015

Highlights
83% of surveyed financial institutions admit their biggest concern is confidential information transferred to unauthorized recipients.
52% say they are worried about sensitive data being transferred by use of removable media.
77% of all credit unions surveyed said they do not believe, or were unsure, if they had complete protection regarding internal data threats.
62% stated they already have security controls in place.


Vormetric Insider Threats To Healthcare Report
2015
Highlights
92% of 102 US-based healthcare IT decision makers surveyed said their organizations are either somewhat or more vulnerable to insider threats.
49% felt very or extremely vulnerable to insider threats.
48% of healthcare organizations experienced a data breach or failed a compliance audit in the past year.
63% of healthcare IT decision makers said their organizations are planning to increase spending to offset data threats.

FBI / Department of Homeland Security Alert
2014
Highlights
A recent 2014 FBI and Department of Homeland Security alert reported that employees with an ax to grind are increasingly using Internet cloud services and other computer tools to hack their current or former companies.
Companies victimized by current or former employees incur costs from 5000 to 3 million.
According to the FBI, our nation's secrets are in jeopardy, the same secrets that make a company profitable. The FBI estimates billions of US dollars are lost to foreign competitors every year. These foreign competitors deliberately target economic intelligence in advanced technologies and flourishing US industries. External data breaches by cyber criminals get a lot of attention, but frequently insiders are recruited by foreign competitors to gather and steal a company's data.


SANS / Spectorsoft Insider Threat Survey
2014 2015

Highlights
74% of the 772 IT security professionals surveyed said they're concerned about insider threats from negligent or malicious employees.
32% said they have no ability to prevent an insider breach.
28% said insider threat detection and prevention isn't a priority in their organizations.
44% of respondents said they don't know how much they currently spend on solutions to mitigate insider threats.
45% said they don't know how much they plan to spend on such solutions in the next 12 months.
69% of respondents said they currently have an incident response plan in place, but more than half of those respondents said that plan has no special provisions for insider threats.
52% of survey respondents said they didn't know what their losses might amount to in the case of an insider breach.

SolarWinds Survey Investigates Insider Threats to Federal Cybersecurity
2015
Highlights

More than half (53%) of federal IT Pros identified careless and untrained insiders as the greatest source of IT security threats at their agencies, up from 42 percent last year.

Nearly two-thirds (64%) believe malicious insider threats to be as damaging as or more damaging than malicious external threats, such as terrorist attacks or hacks by foreign governments.

Further, 57 percent believe breaches caused by accidental or careless insiders to be as damaging as or more damaging than those caused by malicious insiders.

Nearly half of respondents said government data is most at risk of breach from employees' or contractors' desktops or laptops. Top causes of accidental insider breaches include phishing attacks (49%), data copied to insecure devices (44%), accidental deletion or modification of critical data (41%), and use of prohibited personal devices (37%).

Vormetric Insider Threat Report
2015
Highlights
93% of US respondents said their organizations were somewhat or more vulnerable to insider threats.
59% of US respondents believe privileged users pose the biggest threat to their organization.
Preventing a data breach is the highest or second highest priority for IT security spending for 54% of respondents' organizations.
46% of US respondents believe cloud environments are at the greatest risk for loss of sensitive data in their organization, yet 47% believe databases have the greatest amount of sensitive data at risk.
44% of US respondents say their organization had experienced a data breach or failed a compliance audit in the last year.
34% of US respondents say their organizations are protecting sensitive data because of a breach at a partner or a competitor.


US State Of Cyber Crime Survey
2014
Highlights
The incidents that typically fly under the media radar are insider events.
28% of respondents pointed the finger at insiders, which includes trusted parties such as current and former employees, service providers and contractors.
32% say insider crimes are more costly or damaging than incidents perpetrated by outsiders. The larger the business, the more likely it is to consider insiders a threat; larger businesses also are more likely to recognize that insider incidents can be more costly and damaging.
Only 49% of all respondents have a plan for responding to insider threats.

GAO Report On Personnel Security Clearances
2014
Highlights
A Government Accountability Office (GAO) report reviewed the eligibility of individuals accessing classified information.
Access to classified information was revoked in 2009-2013 for more than 18500 military and civilian employees and contractors working for the Department of Defense (DoD), according to an audit: 16000 Military / Civilian Employees And 2500 contractors.
The report examined the most common reasons for revoking clearances by the DoD for fiscal year 2013. The top causes for civilian and military personnel were criminal conduct, involvement with drugs and personal conduct. Top reasons for contractors were financial considerations and personal and criminal conduct.
The report also examined revocations by the Department of Homeland Security (DHS), although only for fiscal year 2013. About 125000 DHS civilian and military employees were eligible to access classified information as of March 2014. DHS revoked eligibility for 113 personnel during fiscal year 2013, the report said.

Organizations Lack Training And Budget To Mitigate Insider Threats
2014
Highlights
An Insider Threat Survey conducted by Spectorsoft (Now Veriato) of 355 IT and security professionals revealed the following:
61% stated they didn't have the ability to deter an insider threat.
59% stated they couldn't detect an insider threat.
60% stated that they weren't prepared to respond to insider attacks.
35% stated that they had already experienced an insider attack, with 41% of those attacks involving financial fraud, 49% of them involving a data leak, and 16% involving intellectual property theft.


Other Insider Threat Reports

DoD Top Management Challenges Report For 2018 (Insider Threat Pages 31-38)
GAO Report: Insider Threats In The DoD (2015)
PERSEREC Espionage Case Summaries From 1975-2008
PERSEREC Espionage By Americans From 1947-2007
DoD Insider Threat Mitigation Report (1999)

Insider Threat Mitigation Requires Senior Management Support
Senior Management must address the questions below if they are serious about mitigating the Insider Threat and protecting an organization's assets.
Has your organization given serious consideration into what employees are really doing with the organization's most critical information?
Does your organization have visibility into its employees' actions on your information systems, databases and networks that store intellectual property, proprietary information and sensitive information?
Can your company afford to lose its critical market share and let this information get into the hands of your competitors?
Could the loss of this information cause your company bad publicity, damage to your company's reputation and stock prices, cause your company to face legal action, or put your company out of business?
Copyright 2021 National Insider Threat Special Interest Group. All Rights Reserved.