The Department of Homeland Security National Cybersecurity and Communications Integration Center advises that “insider threats, to include sabotage, theft, espionage, fraud, and competitive advantage are often carried out through abusing access rights, theft of materials, and mishandling physical devices.” Threats can also result from employee carelessness or policy violations that allow system access to malicious outsiders. These activities typically persist over time, and occur in all types of work environments, ranging from private companies to government agencies.
The resources listed below can assist organizations better understand threats to their proprietary or sensitive information and develop protective measures.
- The DHS National Cybersecurity and Communications Integration Center’s Combating the Insider Threat describes the importance of distinguishing between normal and risky behavior to detect and deter insider threats.
- The DHS Science and Technology Insider Threat Cybersecurity Program seeks advanced R&D solutions to provide needed capabilities to address six areas: Collect & Analyze, Detect, Deter, Protect, Predict, and React. Review the Cybersecurity Division Insider Threat Fact Sheet for more details.
- The DHS National Intellectual Property Rights Coordination Center connects 23 federal and international partners to defend against global intellectual property theft and enforcement of international trade laws.
- The DHS US-CERT Assessments: Cyber Resilience Review is a no-cost, non-technical, self-assessment to evaluate an organization’s operational resilience and cybersecurity practices.
- The DHS US-CERT Critical Infrastructure Cyber Community Voluntary Program (C3VP) improves the resiliency of critical infrastructure’s cybersecurity systems by supporting and promoting the use of the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework.
- The CERT Insider Threat Center, at Carnegie Mellon’s Software Engineering Institute (SEI), can help identify potential and realized insider threats in an organization, institute ways to prevent them, and establish processes to deal with them if they do happen.
- The Department of Justice "Reporting Intellectual Property Crime: A Guide for Victims of Copyright Infringement, Trademark Counterfeiting, and Trade Secret Theft" explains what can be done following an intellectual property crime.
- The FBI Intellectual Property Protection Fact Sheet describes how to safe guard an organization’s proprietary information.
- The FBI Checklist for Reporting an Economic Espionage or Theft of Trade Secrets Offense can be used to report crimes to local federal law enforcement officials.
- Review the FBI Economic Espionage brochure for information on protecting trade secrets.
- The FBI Insider Threat: An Introduction to Detecting and Deterring an Insider Spy is an introduction for managers and security personnel on behavioral indicators, warning signs and ways to more effectively detect and deter insiders from compromising organizational trade secrets and sensitive data.
- The FBI Internet Crime Complaint Center (IC3) provides a reliable and convenient single point thru which internet-related crimes can be reported and public awareness materials can be published.