This comprehensive report from Carnegie Mellon University (2022) analyses 3,000 cases of insider threat to provide 22 evidence-based best practices for organisations. 

According to the survey, termination and resignation are the two most common stressors leading to an insider incident. Email, removable media, and paper are the most common data exfiltration methods. The finance and insurance industry, as well as public administration, are most prone to insider attacks, whereas real estate, construction, and agriculture are the least prone.

Source: Common Sense Guide to Mitigating Insider Threats, 2022, Carnegie Mellon University

The report offers 22 best practices for dealing with insider threat and risk. They are:

  1. Know and Protect Your Critical Assets
  2. Develop a Formalised Insider Risk Management Program
  3. Clearly Document and Consistently Enforce Administrative Controls
  4. Beginning With the Hiring Process, Monitor and Respond to Suspicious or Disruptive Behaviour
  5. Anticipate and Manage Negative Issues in the Work Environment
  6. Consider Threats From Insiders and Trusted External Entities in Enterprise-Wide Risk Assessments
  7. Be Especially Vigilant Regarding Social Media
  8. Structure Management and Tasks to Minimise Insider Stress and Mistakes
  9. Incorporate Insider Threat Awareness Into Periodic Security Training for All Workforce Members
  10. Implement Strict Password and Account Management Policies and Practices
  11. Institute Stringent Access Controls and Monitoring Policies on Privileged Users
  12. Deploy Solutions for Monitoring Workforce Member Actions and Correlating Information from Multiple Data Sources
  13. Monitor and Control Remote Access from All Endpoints, Including Mobile Devices
  14. Establish a Baseline of Normal Behavior for Both Networks and Workforce Members
  15. Enforce Separation of Duties and Least Privilege
  16. Define Explicit Security Agreements for Cloud Services, Especially Access Restrictions and Monitoring Capabilities
  17. Institutionalize System Change Controls
  18. Implement Secure Backup and Recovery Processes
  19. Mitigate Unauthorised Data Exfiltration
  20. Develop a Comprehensive Workforce Member Termination Procedure 
  21. Adopt Positive Incentives to Align the Workforce and the Organization
  22. Learn From Past Insider Threat Incidents

The full report describes how companies can implement each of the best practices.

 
