Spotlight On: Insider Threat from Trusted Business Partners
February 2010 • White Paper
Robert Weiland (Carnegie Mellon University), Andrew P. Moore, Dawn Cappelli, Randall F. Trzeciak, Derrick Spooner
In this report, the authors focus on cases in which the insider was employed by a trusted business partner of the victim organization.
Software Engineering Institute
This report is the fourth in the quarterly series, Spotlight On, published by the Insider Threat Center at CERT and funded by CyLab. Each report focuses on a specific area of concern and presents analysis based on hundreds of actual insider threat cases cataloged in the CERT insider threat database. For more information about CERT's insider threat work, see http://www.cert.org/insider_threat/.
This article will focus on cases in which the insider was employed by a trusted business partner of the victim organization. We first define the concept of a trusted business partner (TBP) and then describe case scenarios in which a TBP has become an insider threat. These case scenarios concentrate on presenting the who, what, why, and how of the illicit activity. Finally, we provide recommendations that may be useful in countering these threats.
We would like to thank the following for their contributions to this article: Sally Cunningham – Deputy Director of Program, Development, and Transition at the SEI; William Shore – retired Special Agent with the FBI who is now the Manager of Security at the Software Engineering Institute; and Dr. Eric Shaw – a visiting scientist at CERT and clinical psychologist at Consulting & Clinical Psychology, Ltd.