Unintentional Insider Threats: A Review of Phishing and Malware Incidents

reportActive / Technical Report | Accession Number: ADA610364 | Open PDF

Abstract:

The research documented in this paper seeks to advance the understanding of the unintentional insider threat UIT that results from phishing and other social engineering cases, specifically those involving malicious software malware. The research team collected and analyzed publicly reported phishing cases and performed an initial analysis of the industry sectors impacted by this type of incident. This paper provides that analysis as well as case examples and potential recommendations for mitigating UITs stemming from phishing and other social engineering incidents. The paper also compares security offices current practice of UIT monitoring in the current manufacturing and healthcare industries practice of tracking near misses of adverse events.

Author(s):
No Author(s) Identified
Author Organization(s):
CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST
Pagination:
0008

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution:
Approved For Public Release
Distribution Statement:
Approved For Public Release; Distribution Is Unlimited.

RECORD

Collection: TR
Identifying Numbers
Contract/Grant Number(s):
FA8721-05-C-0003
Monitor Series:
DHS
 Subject Terms
Joint Capability Areas:
JCA_7_Protection; JCA_5_Command and Control; JCA_3.2_Engagement; JCA_3_Force Application; JCA_3.2.2_Non-Kinetic Means; JCA_7.2.1_Mitigate Lethal Effects; JCA_7.2_Mitigate; JCA_8_Building Partnerships; JCA_6_Net Centric; JCA_8.2_Shape; JCA_7.1.2_Prevent Non-kinetic Attack; JCA_7.1_Prevent; JCA_8.2.4_Leverage Capacities and Capabilities of Security Establishments; JCA_6.4.1_Secure Information Exchange; JCA_6.4_Information Assurance; JCA_5.2_Understand; JCA_5.2.3_Share Knowledge and Situational Awareness; JCA_4.6_Engineering; JCA_5.3_Planning; JCA_1.2_Force Preparation; JCA_1_Force Support
Communities of Interest:
No COI(s) Identified
Descriptor(s):
*COMPUTER NETWORK SECURITY, *COMPUTER VIRUSES, INDUSTRIES, SECURITY, STATISTICS, THREATS, TRACKING
Field(s)/Group(s):
Computer Systems Management and Standards
Keyword(s):
*UIT(UNINTENTIONAL INSIDER THREATS), PHISHING, MALWARE, SOCIAL ENGINEERING, NEAR MISSES, SOCIAL THREAT VECTORS
Report Date:
2014 Jul 01
Creation Date:
2014 Dec 03