As organizations expand their reliance on third-party providers, insider threats—whether driven by malice or mistake—become increasingly difficult to detect and control. This session, presented in collaboration with the CERT Division’s Insider Threat Center and Risk Management team, explores the critical intersection of insider risk and supply chain security. Using real-world examples, the session will highlight the challenges of monitoring and mitigating threats from both internal actors and Trusted External Entities (TEEs).

In this session you will:

• Examine real-world insider incidents that reveal how third-party relationships can expand attack surfaces
• Learn strategies to integrate insider threat considerations into enterprise-wide risk management programs
• Discover tools and metrics to help build, assess, and maintain a trusted ecosystem of external providers