Unintentional Insider Threats: A Review of Phishing and Malware Incidents

Abstract

The research documented in this paper seeks to advance the understanding of the unintentional insider threat (UIT) that results from phishing and other social engineering cases, specifically those involving malicious software (malware). The research team collected and analyzed publicly reported phishing cases and performed an initial analysis of the industry sectors impacted by this type of incident. This paper provides that analysis as well as case examples and potential recommendations for mitigating UITs stemming from phishing and other social engineering incidents. The paper also compares security offices' current practice of UIT monitoring in the current manufacturing and healthcare industries' practice of tracking near misses of adverse events.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Jul 01, 2014
Accession Number
ADA610364

Entities

Organizations

  • Carnegie Mellon University

Tags

DTIC Thesaurus Topics

  • Best Practices
  • Case Studies
  • Command And Control
  • Commerce
  • Cybersecurity
  • Engineering
  • Governments
  • Information Security
  • Information Systems
  • Insider Threats
  • Phishers
  • Security
  • Social Engineering
  • Software Development
  • Threats
  • Training
  • United States

Readers

  • Cybersecurity.
  • Psychological Intervention/Treatment for Stress, Anxiety, PTSD, and Related Emotional and Cognitive Health Symptoms.
  • Systems Analysis and Design

Technology Areas

  • Cyber