INSIDER THREAT INCIDENTS RESEARCH & REPORTS   The NITSIG in conjunction with the Insider Threat Defense Group have researched and analyzed over 6,400+ Insider Threat incidents over 13+ years.   These EYE OPENING monthly reports show just how serious the Insider Threat problem is, and the very costly and damaging impacts to organizations of all types and sizes.   The SEVERE IMPACTS Can Be Caused By: Just 1 Employee Multiple Employees' In Collusion Employees' In Collusion With External Co-Conspirator(s)   Managing Employee Threats In An Organization Is More Than Just Dealing With: Employee Dissatisfaction Employee To Employee Relationship Problems Employee To Supervisor Relationship Problems Negative Performance Reviews Diversity Problems Suspicious Technical Behaviors Preventing Sexual Harassment, Workplace Violence There are many other types of Malicious Actions caused by employees', who may be very disgruntled, that can be very damaging and have very serious impacts to an organization.   Examples: Financial Loss (Trade Secrets / Data Theft, $$$ Embezzlement) Operational Impact For The Organization To Execute Its Mission (IT / Network Sabotage, Data Destruction, Sabotage To Facility, Etc.) Legal, Compliance & Liability Impacts Stock Price Reduction Employees Lose Jobs / Company Goes Out Of Business And More........ CISA Insider Threat Types Chart CERT Insider Threat Chart (Threats Vs. Damages)         Employees' Looking To Live Extravagant Lifestyles NITSIG research also indicates many employees may not be disgruntled, but have other motives such as financial gain to live a better lifestyle, etc.   You might be shocked as to what employees do with the money they steal or embezzle from organizations and businesses, and how many years they got away with it, until they were caught. (1 To 20 Years)     What Do Employees' Do With The Money They Embezzle / Steal From Federal / State Government Agencies & Businesses Or With The Money They Receive From Bribes / Kickbacks? They Have Purchased:  Vehicles, Collectible Cars, Motorcycles, Jets, Boats, Yachts, Jewelry, Buy Properties & Businesses  They Have Used Company Funds / Credit Cards To Pay For: Rent / Leasing Apartments, Furniture, Monthly Vehicle Payments, Credit Card Bills / Lines Of Credit, Child Support, Student Loans, Fine Dining, Wedding, Anniversary Parties, Cosmetic Surgery, Designer Clothing, Tuition, Travel, Renovate Homes, Auto Repairs, Fund Shopping / Gambling Addictions, Fund Their Side Business / Family Business, Buying Stocks, Firearms, Ammunition & Camping Equipment, Pet Grooming, And More....... They Have Issued Company Checks To: Themselves, Family Members, Friends, Boyfriends / Girlfriends   These reports will give the reader a comprehensive view of the "Actual Malicious Actions" employees are taking against their employers.   Many CEO's, Boards, and C-Suite's have taken a much more aggressive approach for detecting and mitigating Insider Threats after reading these reports, as they provide the justification, return on investment, and support the funding approvals ($$$) needed for developing, implementing, managing or optimizing  an Insider Threat Program.   Even if an organization is not required to implement an Insider Threat Program, these reports provide valuable insights as to why organizations should be more concerned with employee threat identification and mitigation.       INSIDER THREAT INCIDENTS REPORTS Produced Monthly By: National Insider Threat Special Interest Group (NITSIG) Insider Threat Defense Group The incidents listed in these reports on the links below, provide EYE OPENING EXAMPLES of the many different types of Insider Threats and the SEVERE IMPACTS. These incidents are caused by JUST 1 EMPLOYEE or by MULTIPLE EMPLOYEES', or by EMPLOYEES' WORKING WITH EXTERNAL CO-CONSPIRATORS. If you would like to be notified when the NITSIG releases the monthly Insider Threat Incidents Reports, and other related information, please send an e-mail to: jimhenderson@nationalinsiderthreatsig.org   Download Reports / No Registration Required Insider Threat Incidents Report For July 2021   Insider Threat Incidents Report For August 2021   Insider Threat Incidents Report For September 2021   Insider Threat Incidents Report For October 2021   Insider Threat Incidents Report For November 2021   Insider Threat Incidents Report For December 2021   Insider Threat Incidents Report For January 2022   Insider Threat Incidents Report For February 2022   Insider Threat Incidents Report For March 2022   Insider Threat Incidents Report For April 2022   Insider Threat Incidents Report For May 2022   Insider Threat Incidents Report For June 2022   Insider Threat Incidents Report For July 2022   Insider Threat Incidents Report For August 2022   Insider Threat Incidents Report For September 2022   Insider Threat Incidents Report For October 2022   Insider Threat Incidents Report For November 2022   Insider Threat Incidents Report For December 2022   Insider Threat Incidents Report For January 2023   Insider Threat Incidents Report For February 2023   Insider Threat Incidents Report For March 2023   Insider Threat Incidents Report For April 2023   Insider Threat Incidents Report For May 2023   Insider Threat Incidents Report For June 2023   Insider Threat Incidents Report For July 2023   Insider Threat Incidents Report For August 2023   Insider Threat Incidents Report For September 2023   Insider Threat Incidents Report For October 2023   Insider Threat Incidents Report For November 2023   Insider Threat Incidents Report For December 2023   Insider Threat Incidents Report For January 2024   Insider Threat Incidents Report For February 2024   Insider Threat Incidents Report For March 2024   Insider Threat Incidents Report For April 2024   Insider Threat Incidents Report For May 2024   Insider Threat Incidents Report For June 2024   Insider Threat Incidents Report For July 2024   Insider Threat Incidents Report For August 2024   Insider Threat Incidents Report For September 2024   Insider Threat Incidents Report For October 2024   Insider Threat Incidents Report For November 2024   Insider Threat Incidents Report For December 2024   Insider Threat Incidents Report For January 2025   Insider Threat Incidents Report For February 2025   Insider Threat Incidents Report For March 2025   Insider Threat Incidents Report For April 2025   Insider Threat Incidents Report For April 2025   Insider Threat Incidents Report For May 2025   Insider Threat Incidents Report For June 2025   NITSIG Insider Threat Incidents Report (Up To 2017) Source     WHY INSIDER THREATS REMAIN AN UNRESOLVED CYBER SECURITY CHALLENGE Produced By: IntroSecurity And The National Insider Threat Special Interest Group (NITSIG) / June 2025   The report was developed in collaboration with IntroSecurity and the NITSIG. It provides a practical and real world approach to Insider Risk Management (IRM), based off of research of actual Insider Threat incidents and the maturity levels of IRM Programs (IRMP's) This report provides detailed recommendations for mitigating Insider Risks and Threats. It outlines strategies for strengthening IRMP's and cross-departmental governance, adopting advanced detection techniques, and fostering key stakeholder and employee engagement to protect an organizations Facilities, Physical Assets, Financial Assets, Employees, Data, Computer Systems - Networks from the risky or malicious actions of employees. The goal of this report is to provide anyone involved in managing or supporting an IRM Program with a common sense approach for identifying, detering, mitigating and preventing Insider Risk and Threats. Through research, collaboration and conversations with NITSIG Members, and discussions with organizations that have experienced actual Insider Threat incidents, the report outlines recommendations for an organization to defend itself from the very costly and damaging Insider Threat problem.   Download Report / No Registration Required     U.S. GOVERNMENT INSIDER THREAT INCIDENTS REPORT FOR 2020 TO 2024 Produced By: National Insider Threat Special Interest Group (NITSIG) Insider Threat Defense Group The NITSIG was contacted by Senator Joni Ernst's office in December 2024, and a request was made to write a report about Insider Threats in the U.S. Government (USG) for the Department Of Government Efficiency (DOGE) This report is intended to provide DOGE with an in-depth look at the magnitude of the Insider Threat problems. How can the U.S. Government be run 1) Efficiently, 2) Effectively and 3) Within Budget, when U.S. Government employees and contractors are taking malicious actions that will impede these 3 objectives? There has been a long standing and continuing problem of U.S. Government employees and employees supporting the government, who have intentionally committed theft, fraud, embezzlement, taken bribes and also received kickbacks related to U.S. Government contracting. Some employees’ may not be disgruntled / malicious, but have other opportunist motives, such as living a lifestyle beyond their means. This report covers the time period of 2020 to 2024. The Insider Threat goes beyond goes beyond the previous presidents administration, and has apparently been an acceptable norm, until the DOGE was stood up in 2025. This report will reveal that many USG employees and contractors have been sentenced to prison. Others have been arrested, been charged, pleaded guilty or are awaiting further legal action to be taken. See Pages 6-118 For Incidents) The large amount of theft, fraud and embezzlement within the U.S. Post Office, DoD and the Veterans Administration is very concerning as reflected in this report. Download Report / No Registration Required       DEPARTMENT OF DEFENSE INSIDER THREAT INCIDENTS REPORT FOR 2024 Produced By: National Insider Threat Special Interest Group Insider Threat Defense Group   Report Overview Insider Threat incidents within the Department Of Defense (DoD) (U.S. Army, Navy, Air Force, Marines) are not just related to espionage, the unauthorized distribution of classified information to foreign governments or other individuals, or the prevalence of extremist ideology and behaviors. The traditional norm or mindset that DoD employees just steal classified information or other sensitive information is no longer the case. There continues to be an increase within the DoD of financial fraud, contracting fraud, bribery, kickbacks, theft of DoD physical assets, etc. This is very evident in the research that has been conducted by the NITSIG and previously published in the monthly Insider Threat Incidents Reports. While some employees may display behavioral indicators of concerns, some may not. Other employees are apparently motivated by human greed, the need for more money, or the opportunity to live a lifestyle of luxury at the expense of the DoD. Perpetrators have used DoD money for: Investment Ventures, To Pay Debts, Jewelry, Clothing, Vehicles, Real Estate, Vacations and more DoD organizations have invested millions of dollars in securing their data, computers and networks against Insider Threats, from primarily a technical perspective, using Network Security Tools or Insider Threat Detection Tools. But the Insider Threat problem is not just a technical problem. The intent of this report is to provide a more holistic view of various types of Insider Threat incidents within the DoD. This report should be used as an awareness and educational tool to gain additional support and funding from senior leaders for an Insider Threat Program (ITP). This report also serves as an excellent Insider Threat Awareness Tool, to educate key stakeholders supporting an ITP, and to educate DoD employees on the importance of reporting employees’ who may pose a risk or threat to the organization. Download Report / No Registration Required       INSIDER THREAT INCIDENTS SPOTLIGHT REPORT FOR 2023 Produced By: National Insider Threat Special Interest Group Insider Threat Defense Group This comprehensive EYE OPENING report provides a 360 DEGREE VIEW of the many different types of malicious actions employees' have taken against their employers. This is the only report produced that provides clear and indisputable evidence of how very costly and damaging Insider Threat incidents can be to organizations of all types and sizes. (U.S. Government, Private Sector) The many examples listed in this report clearly substantiate the need to enhance security controls (Non-Technical, Technical) to detect and mitigate Insider Risks / Threats, or the importance of implementing an Insider Risk Management Program for an organization. Taking a PROACTIVE rather than REACTIVE approach is critical to protecting your organization from employee risks / threats.   Download Report / No Registration Required       OTHER SOURCES FOR INSIDER THREAT INCIDENTS & NEWS Produced By: NITSIG / Insider Threat Defense Group (ITDG)   Insider Threat Incidents E-Magazine On Flipboard (Updated Daily) Largest Publicly Available Source Of Insider Threat Incidents (6,000+) View On The Link Below, Or Download The Flipboard App To View On Your Mobile Device Source     NITSIG Workplace Violence Incidents E-Magazine View On The Link Below, Or Download The Flipboard App To View On Your Mobile Device Source     NITSIG Group On LinkedIn (Request Access) The NITSIG has created a LinkedIn Group for individuals that interested in sharing and gaining in-depth knowledge regarding Insider Threat Mitigation and Insider Threat Program Management, and to also share the latest news, upcoming events and information. Join Group     NITSIG - ITDG Insider Threat Incidents / News On Twitter  (Updated Daily) (Follow Us On Twitter: @InsiderThreatDG) Source     Insider Threat Defense Group Website (Examples Of Many Different Types Of Insider Threat Incidents) Source     Defense Counterintelligence & Security Agency Insider Threat Case Studies Source     Older Insider Threat Reports / Surveys For Reference (1999 To 2018) Some Reports / Surveys Below Contain No Source Links,  Because Content Has Been Removed From Website     Global Study Reveals Majority Of Visual Hacking Attempts Are Successful Organizations around the world are at risk of sharing highly sensitive information through visual hacking in business office environments. This risk was revealed in the 2016 Global Visual Hacking Experiment, an expansion of the 2015 Visual Hacking Experiment conducted in the United States by Ponemon Institute and sponsored by 3M Company. The global study included trials in China, France, Germany, India, Japan, South Korea and the United Kingdom. The combined results found that sensitive information was successfully captured in 91% of visual hacking attempts globally. (Experiment Results) The experiments involved 157 trials with 46 participating companies across the eight countries. They exposed low-tech hacking methods as a significant risk to corporations around the world. The findings revealed that organizations need to create awareness among employees on protecting data displayed on device screens, as 52% of the sensitive information captured during the experiments came from employee computer screens. In the experiments, a "White Hat Visual Hacker" (WHVH) assumed the role of temporary office worker and was assigned a valid security badge worn in visible sight. The WHVH attempted to visually hack sensitive or confidential information using three methods: Walking through the office scouting for information in full view on desks. Observing computer monitor screens and other indiscrete locations like printers and copy machines. Taking a stack of business documents labeled as confidential off a desk and placing it into a briefcase Using a smartphone to take a picture of confidential information displayed on a computer screen. All of the methods above were completed in front of other office workers at each participating company. In 68 % of the hacking attempts, office personnel did not question or report the visual hacker even after witnessing unusual or suspicious behavior.     DoD PERSEREC Report - A Strategic Plan To Leverage The Social & Behavioral Sciences To Counter the Insider Threat - 2018 In 2016, the Office of the Under Secretary of Defense for Intelligence partnered with the Defense Personnel and Security Research Center (PERSEREC) to design a comprehensive research plan and strategy to integrate the social and behavioral sciences (SBS) into the DoD counter-insider threat mission space. PERSEREC completed 59 interviews with 66 SMEs who represented 45 organizations: 10 private sector companies, nine Defense Agencies, nine non-DoD federal agencies, seven federally funded research and development centers (FFRDC) and university affiliated research centers (UARC), four military Services, four DoD Field Activities, one Defense Joint Activity, and one Combatant Command. (Source)     Aviation Insider Threat Team Report - 2018     Ponemon Institute Study - The True Cost of Insider Threats Revealed - 2018 This global study reports on what companies have spent to deal with a data breach caused by a careless or negligent employee or contractor, criminal or malicious insider or a credential thief. While the negligent insider is the root cause of most breaches, the bad actor who steals employees’ credentials is responsible for the most costly incidents. The first study on the cost of insider threats was conducted in 2016 and focused exclusively on companies in the United States. In this year’s benchmark study, 717 IT and IT security practitioners in 159 organizations in North America (United States and Canada), Europe, Middle East and Africa, and Asia-Pacific were interviewed. According to the research, if the incident involved a negligent employee or contractor, companies spent an average of $283,281. The average cost more than doubles if the incident involved an imposter or thief who steals credentials ($648,845). Hackers cost the organizations represented in this research an average of $607,745 per incident. Ponemon Institute concludes that companies need to intensify their efforts to minimize the insider risk because of rising costs and frequency of incidents. Since 2016 the average number of incidents involving employee or contractor negligence has increased from 10.5 to 13.4. The average number of credential theft incidents has tripled over the past two years, from 1.0 to 2.9. In addition, these incidents are not resolved quickly. Our analysis revealed that it took the companies in our study more than two months on average to contain an insider incident. Only 16 percent of incidents were contained in less than 30 days.     Insider Threat Survey - 2018 This research is based on the results of a comprehensive online survey of 472 cybersecurity professionals to gain deep insight into the insider threat faced by organizations and the solutions to detect, remediate, and prevent it. The respondents range from technical executives to managers and IT security practitioners, representing organizations of varying sizes across all industries. Highlights 90% of organizations feel vulnerable to insider attacks. The main enabling risk factors include too many users with excessive access privileges (37%), an increasing number of devices with access to sensitive data (36%), and the increasing complexity of information technology (35%). A 53% majority have confirmed insider attacks against their organization in the previous 12 months (typically less than five attacks). 27% of organizations say insider attacks have become more frequent. Organizations are shifting their focus on detection of insider threats (64%), followed by deterrence methods (58%), and analysis and post breach forensics (49%). The use of user behavior monitoring is accelerating; 94% of organizations deploy some method of monitoring users and 93% monitor access to sensitive data. The most popular technologies to deter insider threats are Data Loss Prevention (DLP), encryption, and identity and access management solutions. To better detect active insider threats, companies deploy Intrusion Detection Prevention Solutions (IDPS), log management and SIEM platforms. The vast majority (86%) of organizations already have or are building an Insider Threat Program. 36% have a formal program in place to respond to insider attacks, while 50% are focused on developing their program.     Harvey Nash / KPMG Global Survey Of 4500 CIOs - Tech Leaders - Insider Threat Fastest Growing Threat - 2017 External Hackers are not the only threat your business or organization may be facing. One of your biggest risks comes from your own employees. This survey finds that the insider threat problem is the fastest-growing one of all. Source     Hiscxo Embezzlement Study - 2017 To find out who’s stealing from small businesses, Hiscox examined publicly available data on U.S. federal court activity related to employee fraud. Perhaps surprisingly, it turns out that women embezzle more frequently than men do (though only by a small percentage). The median age of this kind of criminal is 48 years old, and they most likely work in a finance or accounting role.   Another surprising fact is that instances of embezzlement at companies of all sizes may last longer than you might think: Statistics showed that more than a quarter of embezzlement's take place for longer than five years. While all companies face the risk of embezzlement, those that are smaller in size report the crime’s occurrence more frequently. Small businesses cope with unique struggles. For instance, a small company is more likely to hire one person to handle its money-based operations like accounting or payroll because it really doesn’t need several people for this position. However, if this one person decides to embezzle from the company, it’s much easier for him or her to hide it. To fly under the security that many companies have in place to prevent financial loss, many embezzlers engage in long-running schemes.   Employee theft schemes often go on for five years or more with the longest one reported spanning 41 years. Embezzlers get away with long-running financial schemes like these by stealing small amounts, making it tough for companies to spot them. Small losses add up, however. The average loss for long-running scams that lasted for five years or longer came to $2.2 million. In schemes that lasted 10 years or more, the average amount lost to embezzlers was $5.4 million. While financial theft happens more often in small companies, large businesses suffer higher median losses.  Source     Government Accountability Office Report: 24 Agencies Still Struggle With IT Security Weaknesses - 2017 Highlights Two dozen federal agencies continue to experience security weaknesses in five critical areas, which puts government systems and data at risk, according to a new watchdog agency report. The Government Accountability Office says in its report new report titled Weaknesses Continue To Indicate Need for Effective Implementation of Policies and Practices, that during fiscal 2016, the agencies continued to experience weaknesses in protecting their information and information systems due to ineffective implementation of information security policies and practices. Most of the agencies that the GAO reviewed had weaknesses in five control areas, including access controls, configuration management controls, segregation of duties, contingency planning and agency wide security management, the report notes. The problems have been recurring issues for many of the agencies, the report adds. Yet evaluations by the GAO and agency inspectors determined that most agencies did not have effective Information Security Programs, the report notes. The watchdog agency adds that it did not make any new recommendations to address the issues because GAO and agency inspector generals "have made hundreds of recommendations to address these security control deficiencies, but many have not yet been fully implemented." Until agencies correct longstanding control deficiencies and address the previous recommendations, "federal IT systems will remain at increased and unnecessary risk of attack or compromise. We continue to monitor the agencies' progress on those recommendations."   NITSIG Note: A robust and effective Insider Threat Program, requires that organizations have an effective Security / Information / Information Systems Security Program. Weak Governance And Security = Exploitable Weaknesses By Insiders It Starts At The Top Of An Organization: Lack Of Understanding Insider Threat Risks At Corporate Level Poor Communication Between Critical Business Departments (HR, IT, Security) And Supervisors Regarding Employee Trustworthiness / Threat Poor Facility Security Controls (Facility Access, Facilities Bag Checks (In & Out), No BYOD Policy / Electronic Device Policy) Poor Goverance (Lack Of Security Policies, Procedures. No Sancitions For Security Policy Violations) Poor Organizational Security Culture (Weak Or Absent Security Briefings For New Hires, Contractors) Poor Personnel Management Practices (Pre-Employment Screening, Position Re-Assignment, Employee Continuous Monitoring For Trustworthiness, Seperation-Termination Procedures, Etc.) Lack Of Identifying-Protecting Crown Jewels / Intellectual Property Lack Of Secure Configurations For Information Systems (Workstations / Servers) Lack Of Secure Configurations For Software Applications Lack Of IT Configuration Management Lack Of User Activity Monitoring For IT Networks Lack Of Cyber Threat - Insider Threat Awareness Training For Employees Lack Of Insider Threat Risk Mitigation Training For IT-Network Security Professionals Poor Practices Related To The Acquisition Of Hardware, Software (Are Security Risks Addressed?) Poor Practices Related The Use Of Outside IT Contracting Services And Other Contracting Services (When Outsiders Become Insiders)   Measurable Damage From Data Breaches - Cisco Report - 2017 Highlights A business should pay close attention to a 2017 report that was released from Cicso concerning damages from data breaches. The report provides insights based on threat intelligence gathered by Cisco's security experts, combined with input from nearly 3,000 Chief Security Officers (CSOs) and other security operations leaders from businesses in 13 countries. According to the Cisco report, organizations that suffered a breach, the effect was substantial: 22% of breached organizations lost customers, 40% of them lost more than a fifth of their customer base, 29% lost revenue, with 38% of that group losing more than a fifth of their revenue, and 23% of breached organizations lost business opportunities, with 42% of them losing more than a fifth of such opportunities.     DoD PERSEREC Report - The Expanding Spectrum Of Espionage By Americans 1947 - 2015 Highlights This report is the fourth in the series on espionage by Americans that the Defense Personnel and Security Research Center (PERSEREC) began publishing in 1992. The current report updates the scope of earlier work by including recent cases, and it extends the scope by exploring related types of espionage in addition to the classic type.   There Are 3 Parts Of The Report Part 1 - Presents findings on characteristics of Americans who committed espionage-related offenses since 1947. The findings are based on analyses of data collected from open sources.   Part 2 - Explores the five types of espionage committed by the 209 individuals in this study: classic espionage, leaks, acting as an agent of a foreign government, violations of export control laws, and economic espionage. Each type is described by its legal bases; examples of cases and comparisons with the other types of espionage are provided.   Part 3 - Considers the impact of the context in which espionage takes place, and discusses two important developments: (1) information and communications technologies (ICT), and (2) globalization. Source   Defending Against the Wrong Enemy: SANS Insider Threat Survey - 2017 Highlights Organizations Recognize The Importance Of Insider Threat. Survey results are very promising in that they indicate organizations recognize insider threat as the most potentially damaging component of their threat environments. Interestingly, there is little indication that most organizations have realigned budgets and staff to coincide with that recognition. Losses Due To Insider Threat Are Largely Unknown Relatively few respondents were able to quantify either real or potential losses due to insider threat. Organizations often do not spend money in a critical area if they cannot quantify the losses. This could explain why insider threat is a concern but not a primary focus. Incident Response Is Not Focused Primarily On The Insider Despite recognition of insiders as a common and vulnerable point of attack, fewer than 20% of respondents reported having a formal incident response plan that deals with insider threat. The primary focus of incident response is to recover from an adverse event. Incident response plans that are focused on external threats might explain why many organizations struggle to respond to incidents involving insiders. Detection Of Insider Threat Is Still Not Effective. More than 60% of the respondents claimed they have never experienced an insider threat attack. This result is very misleading. It is important to note that 38% of the respondents said they do not have effective ways to detect insider attacks, meaning the real problem may be that organizations are not properly detecting insider threats, not that they are not happening. Organizations Must Deal With Both Malicious And Accidental Insider Threats When most people hear the term insider threat, they typically think of the malicious insider, who is purposely causing harm to an organization. Although this type of insider will always be a concern, the bigger threat to most organizations is the accidental insider—a legitimate user whose login has been stolen or who has been manipulated into giving an attacker access through other means. It is possible that respondents did not consider those compromised insiders as being part of what is considered an insider threat. Respondents to the survey most frequently cited malicious employees (43%) as their biggest concern. It is promising, however, that the accidental or negligent insider is a very close second (at 39%), which means organizations are focusing more resources in the correct area.     GAO Report On Insider Threat From Federal Workers - February 14, 2017 Highlights The GAO released a report about the the Cyber Insider Threat titled; CYBERSECURITY - Actions Needed To Strengthen U.S. Capabilities The report points a finger at "Insider Threats" from federal workers on the government's vast cyber and computer system, joining "foreign nations" as a danger to sensitive and classified information and even personal info. The GAO also declared frustration with the Obama administration in its new report, over its failure to implement 1,000 security fixes needed to close the door to hackers, inside and out. In testimony to Rep. Barbara Comstock's subcommittee in February 2017, Gregory Wilshusen, director of information security issues for GAO, hit the government for failing to act on 1,000 of 2,500 cybersecurity recommendations it has made. The GAO report, requested by Rep. Barbara Comstock, the northern Virginia Republican who represents thousands of federal workers, is blunt in its assessment of the threats to cybersecurity. "Federal systems and networks are also often interconnected with other internal and external systems and networks including the Internet, thereby increasing the number of avenues of attack and expanding their attack surface," said the report. "Risks to cyber assets can originate from unintentional and intentional threats. These include insider threats from disaffected or careless employees and business partners, escalating and emerging threats from around the globe, the steady advances in the sophistication of attack technology, and the emergence of new and more destructive attacks," it added, pointing a finger to federal insiders. Source     Increasing Concern About Insider Threats At US Airports - House Homeland Security Committee Report - February 6, 2017 Highlights The House Homeland Security Committee Majority Staff has issued a report entitled ‘America’s Airports: The Threat From Within’ that examines employee screening at the approximately 450 airports in the U.S. under federal control and found that “much more needs to be done to improve the state of access controls and mitigate the insider threat facing America’s aviation sector.” According to the 21-page report: Approximately 900,000 people work at these airports, and many are able to bypass traditional screening requirements that travelers visiting the airports must endure. While the overwhelming majority of these airport workers take the inherent responsibility seriously, there are increasing concerns that insider threats to aviation security are on the rise. The report – the result of an investigation conducted by Transportation and Protective Security Subcommittee – continued: The Subcommittee has worked closely with the Transportation Security Administration (TSA) and the aviation stakeholder community to examine how we can work together to improve access controls and employee screening at our nation’s airports. “The recommendations outlined in this report, along with the requirements of the Aviation Employee Screening and Security Enhancement Act of 2017, which I introduced today, will serve as a roadmap for TSA, airports, and air carriers to close security vulnerabilities at our nation’s airports,” Subcommittee Chairman John Katko (R-NY) stated in a press release about the report. The Subcommittee “found that a majority of airports do not have full employee screening at secure access points” and that these airports “are unable to demonstrate the security effectiveness of their existing employee screening efforts, which consist largely of randomized screening by TSA officers or airport law enforcement personnel,” according to the press release. The report made nine recommendations that include examining the costs and feasibility of expanded employee screening, educating aviation workers on their role in mitigating insider threats, targeting the use of employee screening to be more strategic, and implementing the Federal Bureau of Investigation’s (FBI) RapBack Service for all credentialed aviation worker populations. Recent examples of insider threats discussed in the report include an attempt to detonate a bomb at an airport, gun and drug smuggling, and employees who became involved in terrorist activities overseas. The complete “America’s Airports: The Threat From Within” report is available online.     Healthcare Data Breaches Report - January 19, 2017 Highlights Data breaches in the U.S. healthcare field cost $6.2 Billion dollars each year. The average cost of a single data breach across all industries is $4 Million dollars, according to a 2016 study from IBM and Ponemon Institute. Approximately 90% of hospitals have reported a breach in the past two years, and most breaches are due to employee error. The average HIPAA settlement fine is approximately $1.1 Million dollars. Data Breach notification costs $560,000 on average. Costs affiliated with lawsuits average $880,000.00. Post data breach cleanup costs average $440,000.00 Healthcare organizations average $500,000.00 in lost brand value after a data breach, with some estimates reaching $50 Million dollars as an average amount in lost brand value. Source   Kroll Annual Global Fraud And Risk Report - 2016 / 2017 Highlights Data 82% of executives surveyed worldwide experienced a fraud incident in the past year compared to 75% in 2015. 85% of executives reported at least one cyber incident and over two-thirds reported security incidents. Fraud, cyber, and security incidents are now the “new normal” for companies across the world, according to the executives surveyed for the report, highlighting the escalating threat to corporate reputation and regulatory compliance. Despite widespread concerns about external attacks, the findings reveal that the most common perpetrators of fraud, cyber, and security incidents over the past 12 months were current and former employees. Six out of ten respondents (60%) who worked for companies that suffered from fraud identified a combination of perpetrators that included current employees, former employees, and third parties. Almost half (49%) said incidents involved all three groups. Junior staff were cited as key perpetrators in two-fifths (39%) of fraud cases, followed by senior or middle management (30%) and freelance or temporary employees (27%). Former employees were also identified as responsible for 27% of incidents reported. Overall, 44% of respondents reported that Insiders were the primary perpetrators of a cyber incident, with former employees the most frequent source of risk (20%), compared to 14% citing freelance or temporary employees and 10% citing permanent employees. Adding agents or intermediaries to this “Insider” group as quasi-employees increases the proportion of executives indicating Insiders as the primary perpetrators to a majority, 57%. Over half of respondents (56%) said Insiders were the key perpetrators of security incidents, with former employees again the most common of these (23%).   KPMG Report - Global Profiles Of The Fraudster - 2016 Highlights In a recent research report by KPMG, Global Profiles of the Fraudster, fraud is a global issue. It harms corporate reputations, costs millions and ruins lives. It's a heavy economic and moral burden on society. This report analyzed profiles of 750 cyber-crooks investigated by forensic specialists across 81 countries, and produced what it calls the "New Face Of Fraud"'   Some Of The Interesting Facts From This Report 69% Were Between The Ages of 36 and 55 65% Were Employed By The Company That Was Hacked 35% Were Executives Or Directors 38% Had Been With The Company For At Least Six Years 38% Described Themselves As Well-Respected In Their Company 62% Colluded With Others In Their Crimes How Is Insider Fraud Accomplished And Why? Creation Of False Or Misleading Information In Accounting Records : 24% False Or Misleading Information Via Email Or Another Messaging Platform: 20% Abuse Permissible Access To Computer Systems: 13% The report highlights technology as one of the key elements involved in white-collar crimes across the globe. While personal gain was the predominant overriding motivation for committing fraud (60%), the sense of “Because I Can” was third at 27%, according to the report. Source   US Defense Contract Management Agency - Malicious Or Accidental Insider Threats Have Caused More Problems In DoD - 2015 According to the US Defense Contract Management Agency (DCMA)’s director of operations, the Department of Defense has positioned itself quite strongly against external cyber threats, but malicious or accidental insider threats have caused more problems. This was largely because people within agencies largely “do what they want” and see security as a form of interference, he said. Additionally, some of the younger employees have “skills to successfully work around security protocols.”     Ponemon Institute Reports Employee Negligence Leading Cause of Insider Threats - Could Cost A Company Up To $1.5 Million - 2015 Employee negligence, which may be caused by multitasking and working long hours, can result in insider threats and cost companies millions of dollars each year. It can cost a U.S. company as much as $1.5 million and Germany companies €1.6 million in time wasted responding to security incidents caused by human error, according to a new survey of IT and IT security practitioners in the U.S. and Germany. The survey, commissioned by Raytheon / Websense and independently conducted by the information security industry leader Ponemon Institute, also revealed that 70 percent of U.S. survey respondents and 64 percent of German respondents report that more security incidents are caused by unintentional mistakes than intentional and/or malicious acts. (Source)     Mandiant Cybersecurity Firm Reports 100% Of Most Recent Incidents Involved Some Form OF Insider Threat - 2015 (Source)     Insider Threats To Credit Unions Survey - 2015 Highlights 83% of surveyed financial institutions admit their biggest concern is confidential information transferred to unauthorized recipients. 52% say they are worried about sensitive data being transferred by use of removable media. 77% of all credit unions surveyed said they do not believe or were unsure if they had complete protection regarding internal data threats. 62% stated they already have security controls in place. Source   Vormetic Insider Threats To Healthcare Report - 2015 Highlights 92% of 102 U.S.-based healthcare IT decision makers surveyed said their organizations are either "somewhat" or more vulnerable to insider threats. 49% felt "very" or "extremely" vulnerable to insider threats. 48% of healthcare organizations experienced a data breach or failed a compliance audit in the past year. 63% of healthcare IT decision makers said their organizations are planning to increase spending to offset data threats.   FBI / Department of Homeland Security Alert - 2014 Highlights A recent (2014) FBI and Department of Homeland Security alert reported that employees with an ax to grind are increasingly using Internet cloud services and other computer tools to hack their current or former companies. Companies victimized by current or former employees incur costs from $5,000 to $3 million. According to the FBI our nation’s secrets are in jeopardy, the same secrets that make a company profitable. The FBI estimates billions of U.S. dollars are lost to foreign competitors every year. These foreign competitors deliberately target economic intelligence in advanced technologies and flourishing U.S. industries. External data breaches by cyber criminals get a lot of attention, but frequently insiders are recruited by foreign competitors to gather and steal a company’s data.   SANS / Spectorsoft Insider Threat Survey - 2014, 2015 Highlights 74% of the 772 IT security professionals surveyed said they're concerned about insider threats from negligent or malicious employees. 32% said they have no ability to prevent an insider breach. 28% said insider threat detection and prevention isn't a priority in their organizations. 44% of respondents said they don't know how much they currently spend on solutions to mitigate insider threats. 45% said they don't know how much they plan to spend on such solutions in the next 12 months. 69%of respondents said they currently have an incident response plan in place, but more than half of those respondents said that plan has no special provisions for insider threats. 52% of survey respondents said they didn't know what their losses might amount to in the case of an insider breach. Source   SolarWinds Survey Investigates Insider Threats to Federal Cybersecurity - 2015 Highlights More than half (53%) of federal IT Pros identified careless and untrained insiders as the greatest source of IT security threats at their agencies, up from 42 percent last year. Nearly two-thirds (64%) believe malicious insider threats to be as damaging as or more damaging than malicious external threats, such as terrorist attacks or hacks by foreign governments. Further, 57 percent believe breaches caused by accidental or careless insiders to be as damaging as or more damaging than those caused by malicious insiders. Nearly half of respondents said government data is most at risk of breach from employees' or contractors' desktops or laptops. Top causes of accidental insider breaches include phishing attacks (49%), data copied to insecure devices (44%), accidental deletion or modification of critical data (41%) and use of prohibited personal devices (37%). (Source)   Vormetric Insider Threat Report - 2015 Highlights 93% of U.S. respondents said their organizations were somewhat or more vulnerable to insider threats. 59% of U.S. respondents believe privileged users pose the biggest threat to their organization. Preventing a data breach is the highest or second highest priority for IT security spending for 54% of respondents’ organizations. 46% of U.S. respondents believe cloud environments are at the greatest risk for loss of sensitive data in their organization, yet 47% believe databases have the greatest amount of sensitive data at risk. 44% of U.S. respondents say their organization had experienced a data breach or failed a compliance audit in the last year. 34% of U.S. respondents say their organizations are protecting sensitive data because of a breach at a partner or a competitor. (Source)   U.S. State Of Cyber Crime Survey - 2014 Highlights The incidents that typically fly under the media radar are insider events. 28% of respondents pointed the finger at insiders, which includes trusted parties such as current and former employees, service providers, and contractors. 32% say insider crimes are more costly or damaging than incidents perpetrated by outsiders. The larger the business, the more likely it is to consider insiders a threat; larger businesses also are more likely to recognize that insider incidents can be more costly and damaging. Only 49% of all respondents have a plan for responding to insider threats. Source   GAO Report On Personnel Security Clearances - 2014 Highlights A Government Accountability Office (GAO) report reviewed the eligibility of individuals accessing classified information. Access to classified information was revoked in 2009-2013 for more than 18,500 military and civilian employees and contractors working for the Department of Defense (DoD), according to an audit. (16,000 Military-Civilian Employees And For 2,500 contractors). The report examined the most common reasons for revoking clearances by the DoD for fiscal year 2013. The top causes for civilian and military personnel were criminal  conduct, involvement with drugs and personal conduct. Top reasons for contractors were financial considerations and personal and criminal conduct. The report also examined revocations by the Department of Homeland Security (DHS), although only for fiscal year 2013. About 125,000 DHS civilian and military employees were eligible to access classified information as of March 2014. DHS revoked eligibility for 113 personnel during fiscal year 2013 the report said.   Organizations Lack Training And Budget To Mitigate Insider Threats - 2014 Highlights An Insider Threat Survey conducted by Spectorsoft (Now Veriato) of 355 IT and security professionals revealed the following; 61% stated they didn’t have the ability to deter an insider threat. 59% stated they couldn’t detect an insider threat. 60% of stated that they weren't prepared to respond to insider attacks. 35% stated that they had already experienced an insider attack, with 41% of those attacks involving financial fraud, 49% of them involving a data leak, 16% involving intellectual property theft.   Other Insider Threat Reports DoD Top Management Challenges Report For 2018 (Insider Threat Pages 31-38) GAO Report: Insider Threats In The DoD - 2015 PERSEREC: Espionage Case Summaries From 1975-2008 PERSEREC: Espionage By Americans From 1947-2007 DoD Insider Threat Mitigation Report - 1999     Insider Threat Mitigation Requires Senior Management Support Senior Management must address the questions below if they are serious about mitigating the Insider Threat and protecting an organization assets. Has your organization given serious consideration into what employees are really doing with the organization’s most critical information? Does your organization have visibility into its employees actions on your information systems, databases and networks that store intellectual property, proprietary information and sensitive information? Can your company afford to loose its critical market share and let this information get into the hands of your competitors? Could the loss of this information cause your company bad publicity, damage to your company's reputation and stock prices, cause your company to face legal action, or put your company out of business?