Top 10 Cybersecurity Blogs for Insider Threat News

We’re big insider threat news and analysis junkies over here at Proofpoint. In fact, if there was a CSPAN equivalent for insider threat news, we’d be tuned in 24-7. (OK, we may need a new hobby.)

This love of all things insider threat is why we compiled a list of our favorite cybersecurity blogs for insider threat news, research, and opinions. Not to mention, being “in the know” could mean the difference between an insider mistake and a costly data breach.

In no particular order, here are the top 10 cybersecurity blogs and insider threat news sites we’re loving right now:

1. Carnegie Mellon Insider Threat Blog

   Carnegie Mellon’s Software Engineering Institute (and CERT coordination center) produces an insider threat blog that’s packed with information, ranging from technical methods to improve cybersecurity defenses, to research on effective insider threat prevention, to discussions on how to map cybersecurity performance indicators. It’s a must-read for anyone in the industry.

1. Krebs on Security

   Former Washington Post investigative reporter Brian Krebs has been interested in cybersecurity since a Chinese hacking ring took over his home network in 2001. Since then, he’s dedicated his career to learning more about the motivations of hackers and breaking news on the latest vulnerabilities. Krebs regularly features posts on insider threat trends, like this one about disgruntled employees taking to Darknet forums to share sensitive company IP.

1. Dark Reading

   Dark Reading is one of our favorite news publications featuring the latest-breaking studies on insider threat, as well as third-party opinions from people in the industry. Fair warning, prepare for a temporary loss of faith in humanity, thanks to headlines like “72% of CEOs admit to stealing IP from their former employers.” (Yeowch!)

1. Recorded Future Blog

   Just because threat intelligence company Recorded Future spends most of their time hunting down external threats, there’s still plenty of room to learn about insider threats on their blog. The company offers interesting analysis on how the behavior of malicious insiders can mirror that of an external threat, which is valuable information if you’re wondering where nefarious employees can go to sell company secrets (like here, for example).

1. CSO Online

   Getting inside the mind of a CSO has never been easier. CSO Online breaks down news, viewpoints, and analysis those in security management care about most, from relevant studies, to threat research, to interviews with practitioners at the top of their game. As a bonus, contributor network columnist Christopher Burgess also writes on the latest insider threat news (fun fact, he spent over 30 years with the CIA).

1. Forrester Blog (Ft. Joseph Blankenship)

   Senior Forrester Analyst Joseph Blankenship supports security and risk professionals and spends a lot of time researching the insider threat risks organizations face (and related solutions). His blog posts typically feature postmortems and lessons from insider threat breaches, as well as analysis on how security professionals can create secure operations centers to effectively address insider threat risks.

1. SecurityRoundtable.org

   Produced by Palo Alto Networks (although it’s hard to tell by their extensive network of third-party contributors), Security Roundtable provides security news for the executive suite, giving a different spin than practitioner-oriented blogs. Look here to learn about issues such as how to present cybersecurity initiatives to your board, and the risks of phishing attacks in chatbots.

1. Schneier on Security

   CTO of IBM Resilient, a fellow at Harvard's Berkman Klein Center, and a board member of EFF, Bruce Schneier is known for being a top cybersecurity expert. His blog regularly covers the latest threats, policy papers, and analysis on unique topics such as police digital forensics techniques. While his articles are not solely dedicated to insider threat, we think Schneier’s blog is an essential read for an academic spin on the security world.

1. Cybersecurity Insiders

   Cybersecurity Insiders CEO Holger Schultze also runs the research group Crowd Research Partners, a prolific producer of independent security research. The Cybersecurity Insiders publication itself has an entire channel dedicated to insider threat, including vendor analysis, news and research. Holger has one of the most extensive followings in the cybersecurity community, and the quality content is a great reason why!

1. Proofpoint's Insider Threat Blog

   You didn’t think we’d get through a top 10 list without mentioning our own blog, did you? (Although it took a lot of restraint to list ourselves last, if we’re being real.) The goal of the Insider Threat Blog is to give you the latest news and advice on detecting, preventing, and monitoring for insider threats.

   From tips on creating and enforcing effective insider threat management programs, to deep dives into the causes of insider threat, we’ll hope you follow us on Twitter @Proofpoint to keep up with the latest news for cybersecurity practitioners.