This type of attack uses phone calls or voice messages to trick someone into revealing information or taking action.
What is vishing?
This term describes any external company, individual, or organization that provides products or services to your organization but is not directly employed by you.
What is a Third Party/Vendor?
This is the potential for financial loss, reputational damage, regulatory impact or client harm resulting from threats that originate in the digital environment.
What is Digital Risk?
This line of defense owns risk and implements controls directly in day-to-day operations.
What is the 1st Line of Defense?
This is the largest ocean on Earth.
What is the Pacific Ocean?
This type of phishing targets a specific person or group using personalized details.
What is spear phishing?
In the famous 2013 retail data breach affecting 40 million credit cards, hackers first gained access to Target's network by stealing credentials from this type of service provider.
What is an HVAC Contractor?
This is the most common type of insider threat: an employee who unintentionally creates risk through careless behavior, policy violations, or poor security hygiene.
What is a negligent insider?
This type of document defines what is expected at a high level, without explaining the technical steps.
What is a policy?
This is the longest-running animated TV series in U.S. history.
What is The Simpsons?
This type of scam often involves a compromised or spoofed executive or vendor account requesting urgent wire transfers, gift cards, or payment changes.
What is business email compromise?
This type of independent audit report — issued by a certified public accounting firm — is frequently requested from cloud and SaaS vendors to verify that their security controls are properly designed and operating effectively.
What is a SOC 2 Report?
This category of security tooling helps Insider Risk teams identify risky data transmission patterns, including sensitive data leaving through email, cloud uploads, removable media, and other channels.
What is Data Loss Prevention (DLP)?
In information security governance, these tell an organization what must be achieved.
What are regulations?
This element has the chemical symbol K.
What is Potassium?
This principle means employees should only have access to the systems and information necessary to perform their job duties.
What is least privilege?
In this 2020 cyberattack, state-sponsored hackers inserted malicious code into a signed software update from a widely trusted IT monitoring platform, compromising approximately 18,000 organizations including multiple U.S. federal agencies.
What is the SolarWinds Attack?
This type of insider threat can be especially difficult to detect because these insiders are trusted, understand monitoring capabilities, and may act slowly within their normal behavioral patterns.
What is a malicious insider?
“Employees shall use multi-factor authentication when accessing company systems” is an example of this type of governance statement.
What is a policy statement?
This animal is known for having the strongest bite force of any living animal.
What is a saltwater crocodile?
This is the practice of validating identity, device health, access rights, and context continuously rather than automatically trusting users inside the network.
What is Zero Trust?
Under this European data protection regulation, organizations must ensure their third-party vendors meet strict privacy requirements, and non-compliance can result in fines up to 4% of global annual turnover.
What is GDPR (General Data Protection Regulation)?
These are the three main categories of insider risk actors: one acts carelessly, one acts intentionally, and one has had legitimate access taken over by an outside attacker.
What are negligent, malicious, and compromised insiders?
This is the best classification for the statement: “Organizations must implement safeguards to prevent unauthorized access to confidential information.”
What is a regulation or external requirement?
This is the only team to complete a perfect NFL season including the Super Bowl.
Who are the 1972 Miami Dolphins?