Since 2001, the Insider Threat Center in the CERT division of the Software Engineering Institute has collected and analyzed thousands of insider incidents in which insiders have maliciously or unintentionally harmed organizations. From this empirical data set, models were built to describe how insider incidents tend to evolve over time, and from these models, potential risk indicators (behavioral and technical) were identified to help organizations detect insider threats.
This presentation will focus on the technology-driven changes (e.g., artificial intelligence, machine learning, deep learning) to the insider risk landscape, highlighting recent incidents, with a focus on the techniques, tactics, and procedures used by insiders and how technology changes have increased the risk of an insider incident across the DoD, USG, industry, and academia.
During the presentation, an insider risk program framework will be presented, providing a roadmap for organizations that are considering building an insider risk program, as well as strategies for measuring the effectiveness of an existing insider risk program.
To conclude, best practices to mitigate insider threats will be reviewed, with a spotlight on those that seek to identify changes to a technology baseline that create increased risk of an insider incident.