search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Unintentional Insider Threats: A Review of Phishing and Malware Incidents by Economic Sector

Technical Note
By
This report analyzes unintentional insider threat cases of phishing and other social engineering attacks involving malware.
Publisher

Software Engineering Institute

CMU/SEI Report Number
CMU/SEI-2014-TN-007
DOI (Digital Object Identifier)
10.1184/R1/6585587.v1

Abstract

The research documented in this report seeks to advance the understanding of the unintentional insider threat (UIT) that results from phishing and other social engineering cases, specifically those involving malicious software (malware). The research team collected and analyzed publicly reported phishing cases involving malware and performed an initial analysis of the industry sectors impacted by this type of incident. This report provides that analysis as well as case examples and potential recommendations for mitigating UITs stemming from phishing and other social engineering incidents. The report also compares security offices’ current practice of UIT monitoring to the current manufacturing and healthcare industries’ practice of tracking near misses of adverse events.

SHARE
Download PDF
Cite This Technical Note

CERT Insider Threat Team, T. (2014, July 18). Unintentional Insider Threats: A Review of Phishing and Malware Incidents by Economic Sector. (Technical Note CMU/SEI-2014-TN-007). Retrieved April 19, 2024, from https://doi.org/10.1184/R1/6585587.v1.

@techreport{cert_insider_threat_team_2014,
author={CERT Insider Threat Team, The},
title={Unintentional Insider Threats: A Review of Phishing and Malware Incidents by Economic Sector},
month={Jul},
year={2014},
number={CMU/SEI-2014-TN-007},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://doi.org/10.1184/R1/6585587.v1},
note={Accessed: 2024-Apr-19}
}

CERT Insider Threat Team, The. "Unintentional Insider Threats: A Review of Phishing and Malware Incidents by Economic Sector." (CMU/SEI-2014-TN-007). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, July 18, 2014. https://doi.org/10.1184/R1/6585587.v1.

T. CERT Insider Threat Team, "Unintentional Insider Threats: A Review of Phishing and Malware Incidents by Economic Sector," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Note CMU/SEI-2014-TN-007, 18-Jul-2014 [Online]. Available: https://doi.org/10.1184/R1/6585587.v1. [Accessed: 19-Apr-2024].

CERT Insider Threat Team, The. "Unintentional Insider Threats: A Review of Phishing and Malware Incidents by Economic Sector." (Technical Note CMU/SEI-2014-TN-007). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 18 Jul. 2014. https://doi.org/10.1184/R1/6585587.v1. Accessed 19 Apr. 2024.

CERT Insider Threat Team, The. Unintentional Insider Threats: A Review of Phishing and Malware Incidents by Economic Sector. CMU/SEI-2014-TN-007. Software Engineering Institute. 2014. https://doi.org/10.1184/R1/6585587.v1

Ask a question about this Technical Note