This Month'S National Insider Threat Awareness Month Focus

THISMONTH’SFOCUSDID YOU KNOW?Most insider threatsdisplay concerningbehaviors or riskindicators prior toengaging innegative events.CDSE – Center forDevelopment of SecurityExcellence@TheCDSECenter for Development ofSecurity ExcellenceNATIONAL INSIDER THREAT AWARENESS MONTHThe frst National InsiderThreat Awareness Month(NITAM) was launchedin September 2019 asa joint efort betweenfederal agencies and theinsider threat practitionercommunity to emphasizethe importance ofsafeguarding our nationfrom the risks posed byinsiders, and to share bestpractices for mitigatingthose risks. The 2019 efortwas a rousing successand started what has nowbecome an annual event.The theme for this year’srecognition is Resilience.No one could’ve predictedthe security challengeswe would face in 2020.COVID-19 has presented aunique risk environment,increasing both threatsand vulnerabilities.Insider Threat programsare uniquely positionedto meet this challenge,deploying multidisciplinaryteams to deter, detect,and mitigate insider riskwhile protecting theprivacy and civil libertiesof the workforce. InsiderThreat programs are alsoproactive in nature, canoften mitigate risk before anegative event occurs, andcan foster both individualand organizationalresilience leading topositive outcomes for all.Unfortunately, insiderthreat incidents are onthe rise, and there is nosuch thing as a victimlessinsider incident. Theyhave impacted publicand private organizations,caused damage to nationalsecurity, resulted in the lossor compromise of classifedinformation, and in themost tragic cases, led to theloss of life. The PonemonInstitute, a research centerdedicated to privacy, dataprotection, and informationsecurity policy, recentlypublished a study oncybersecurity incidentscaused by insiders. Thestudy found that incidentshave increased by 47%since 2018, and the averageannual cost of insiderthreats has skyrocketedto 11.45 million. Thatis a 31% increase in justtwo years. As a result,raising awareness of theInsider Threat and therole of Insider Threatprograms in mitigatinginsider risk is critical fornational and economicsecurity. Federal agencies,DoD components, andindustry have partneredto bring this informationto their workforces andthe general public. TheCenter for Development ofSecurity Excellence (CDSE)has led this efort with acomprehensive campaignresulting in NITAM.Sign up for the latest security awareness newsletters at https://www.cdse.edu/news/index.html1

CDSE has dedicated anentire website to NITAM2020. This site will helpidentify a variety ofproducts and resourcesavailable for use withinan organization. Fromutilizing customizableawareness materials, tohosting an Insider ThreatAwareness day, actionsboth small and large willhelp bring attention tothe counter-insider threatmission. It is importantto remain vigilant at alltimes. Security threats areconstant and dynamic, andincrease during times ofstress and chaos.Rebecca Morgan, Chief ofthe Insider Threat divisionat CDSE, recently spokeat a webinar about thepandemic. She said, “Whenwe think about managingrisk in this environment, wehave to acknowledge thatit is more dynamic thanever.” According to a reportpublished by a leadingprovider of IT securitysoftware and hardwareproducts, malicious actorsare leveraging COVID-19to launch cyberattacks(phishing emails, maliciousapps), scams (charityscams, vaccine scams),disinformation and maligninfuence (misinformationabout virus origins andcures), and supply chainthreats. The report alsorevealed that over 30,100domains related to thepandemic were registeredin March. Of those, 0.4%(131) were malicious and9% (2,777) were consideredsuspicious. Trusting justone of these compromisedsites could open the doorto malware and potentialdata theft. The risks areclear and present, andshould be taken seriously.But, the goal of the insiderthreat program is not justto catch people when theydo something wrong – it’sabout helping them beforethey even start down thewrong path.William Evanina,Director, NationalCounterintelligence andSecurity Center (NCSC),recently stated, “Thereare deeply personalhuman struggles relatedto healthcare, child care,fnancial insecurity, andpolitical and culturalfssures. The risks forespionage, unauthorizeddisclosure, fraud, theft andeven unwitting insiderthreat actions are higherthan ever.”The stress and pressuresof the current healthand socio-politicalclimate certainly havethe capability to increasevulnerabilities. However,the purpose of insiderthreat programs, and whythey aim to deter, detect,and mitigate risk, is to turnpeople around, not turnthem in. These programsare multi-disciplinary innature and are designed toevaluate the entirety of asituation in proper context.They treat each inquiry asan individual matter whilebalancing and respectingprivacy and civil liberties.Mitigation responseoptions often includesolutions that provide helpand resources for those inneed.CDSE has produced theVigilance Video series,eight episodes highlightingemployees who observeinsider threat indicatorsin their coworkers andreport their observations.Their goal is to get theircoworkers the help orintervention they need andprotect their organizations’information, facilities, andpersonnel.This month and beyond,take the necessary stepsto educate yourself, yourorganization, and yourstakeholders on insiderthreats and learn tominimize and mitigate risks.This year has presented ahost of security challenges,but we must adapt tothem to safeguard thenation. Threats havechanged, vulnerabilitieshave changed, and thecountermeasures usedto mitigate risk need tochange right along withthem.Sign up for the latest security awareness newsletters at https://www.cdse.edu/news/index.html2

WE MAKE IT EASY TOPARTICIPATE IN NITAM 2020Our new NITAM webpage provides you withawareness materials tobuild your insider threatprogram and help yourorganization detect, deter,and mitigate insider threatsthrough increased vigilanceand awareness. Considerhosting an Insider ThreatAwareness day or includinglearning resources in yournewsletters and emailcommunications. Or, giveyour organization a tool toreport suspicious behaviorwith our customizable “seesomething, say something”card. Whichever pathyou take, you can do yourpart to safeguard nationalsecurity and help bringattention to the counterinsider threat mission.Users can downloadposters, play vigilancegames, watch videos, andaccess resources in a toolkitto promote insider threatawareness all year long.The app maintains a 5-starrating on Apple.INSIDER THREAT SOCIAL @InT AwareGio is a securitymanager with increasingresponsibilities. Like mostpeople, he has good daysand bad days. Watch thevideo to see how Giomanages his work and lifewhen pushed to the limit.Resilience is the capacityto recover quickly fromdifculties and stressfulHAVE YOU DOWNLOADED THE APP?Earlier this year, CDSE rolledout the Insider ThreatSentry mobile phoneapplication and made itavailable to users in the appstore for Android and iOS.The app provides directaccess to relevant insiderthreat content in one easyto-use place.NEW ANIMATIONDEMONSTRATES RESILIENCEsituations. Buildingresilience helps individualsdevelop behaviors,thoughts, and actionsthat promote emotionalwell-being and mentalhealth. Without thisattribute, some people areat increased risk to becomean insider threat.PERSONAL RESILIENCE ANDINSIDER THREAT WEBINAR:HARDENING THE TARGETWatch our on-demandwebinar featuring abehavioral psychologyexpert who talks aboutpersonal resilience andinsider threat. What does“Hardening the Target”mean and how canorganizations take thenecessary steps to protecttheir people and data?Access it here.Sign up for the latest security awareness newsletters at https://www.cdse.edu/news/index.html3

INSIDER CASE STUDY:SHAMAI LEIBOWITZRead, then learn aboutthe indicators andconsequences of linguistand sed200 pagesof classifedinformationto anunauthorizedrecipient here.Based on our surveys, CDSEcase studies are some ofthe most downloadedperformance support toolson our website. Securityprofessionalscan exploremore willfulunauthorizeddisclosuresthat putintelligencesources,methods,andoperationsat risk. Tofnd more like this,visit the NITAM web pageor our new searchablecase study library.HAVE YOU CONSIDEREDBECOMING A COUNTER-INSIDERTHREAT PROFESSIONAL?If you’re a current DoDor federal agency insiderthreat professional lookingto take your expertise tothe next level, becominga Certifed Counter-Insider Threat Professional(CCITP) - Fundamentals orAnalysis specialty - couldbe for you. Achieving thiscertifcation will not onlyset you apart in the insiderthreat profession, it willalso help you establishworkforce credibilityand foster a professionalidentity. The CDSE hasmultiple resources to helpyou prepare, includinga deskside referencejob aid, registrationinformation, and morehere.INSIDER THREAT ELEARNING COURSES:Online learning is essential for professionals in thesecurity feld. Scroll through more than a dozeneLearning courses in the CDSE catalog and learnhow to help your program detect, deter, andmitigate insider threats by increasing awareness andpromoting reporting.NEW CDSE PSAsNOW AVAILABLEAre you a securitymanager looking to shareinformation with yourorganization about CDSElearning opportunities?Spread the word about ourfree Training, Education,and Certifcationprograms with these threeseparate Public ServiceAnnouncements (PSAs):TRAININGEDUCATIONCERTIFICATIONAny questions or more information aboutthese PSAs can be directed milSign up for the latest security awareness newsletters at https://www.cdse.edu/news/index.html4

LINKS TO MORE INSIDER THREAT RESOURCES:NITAM 2020 web ional Insider Threat Task 449NCSC Awareness arenessmaterialsCDSE Insider Threat x.phpCDSE Resilience lience.htmlCDSE Vigilance lance.htmlWHAT STUDENTS ARE SAYING“This was one of thebest online trainingsessions I’ve takenfor content, voicetracking, and style.”– Student“I feel that the insiderclasses have openedup doors that havemade me more awareof insider threats.”– StudentCourse: Insider Threat Awareness – INT101.16WHAT’S COMING IN OCTOBER?October is National Cybersecurity Awareness Month! Thisyear, CDSE's focus is on cybersecurity at home and in theoffice to raise awareness about the importance ofsecuring our work environments. Stay tuned for updateson cybersecurity games and a two-part webinar series.In addition, three Know Your CDSE Speaker Series eventsare scheduled for October 1, 8, and 27, virtually coveringCybersecurity, Industrial Security, and Personnel Securitycourses, performance support tools, and resources toenhance your knowledge and skills. Sign up today!DID YOU MISS THE INSIDERTHREAT VIRTUAL SECURITYCONFERENCE?In case you missed the Virtual Security Conference onSeptember 3, CDSE Insider Threat Division Chief andConference Host Rebecca Morgan is making the eventresources available to insider threat practitioners,counterintelligence and security professionals fromthe DoD, federal agencies, private industry, criticalinfrastructure sectors, and academia. Stay tuned formore information.ON-DEMAND WEBINAR:COUNTERINTELLIGENCE &INSIDER THREAT IN THE TIMEOF COVID-19In case you missed this webinar lastmonth, you can still watch it and learnhow COVID-19 has created uniqueinsider threat challenges. During this60-minute event, our subject matterexperts discuss the changing threat andvulnerability environment and how thecountermeasures we use to mitigate risk needto change along with them. Access it here.Sign up for the latest security awareness newsletters at https://www.cdse.edu/news/index.html5

insider threat practitioner can foster both individual two years. As a result, community to emphasize and organizational raising awareness of the the importance of resilience leading to Insider Threat and the safeguarding our nation positive outcomes for all. role of Insider Threat . from the risks posed by . programs in mitigating