This article is the sixth in the series Spotlight On, published by the CERT® Insider Threat Center at Carnegie Mellon University's Software Engineering Institute and funded by CyLab. Each article focuses on a specific area of concern and presents analysis based on hundreds of actual insider threat cases cataloged in the CERT insider threat database. For more information about the CERT Program's insider threat work, see http://www.cert.org/insider_threat/.
This article focuses on cases in which the malicious insider was employed by a trusted business partner of the victim organization. We first define the concept of a trusted business partner (TBP) and then describe case scenarios in which a TBP has become an insider threat. These case scenarios concentrate on presenting the who, what, why, and how of the illicit activity. Finally, we provide recommendations that may be useful in countering these threats.