Speaking on the Top Cyber Pro podcast, Deanna D. Caputo, MITRE chief scientist for insider threat capabilities, emphasized the importance of distinguishing between different types of insider behavior, particularly the need to separate malicious actors from non-malicious ones.
"We have to break down the different types of insider threats. First, there are malicious insiders. These are people who decided to do something harmful. They know what they're doing is wrong, and they know it's going to have a negative outcome," said Caputo. "Malicious insider threats often involve unauthorized disclosure, intellectual property [IP] theft, or espionage, especially when foreign actors are involved."
As she develops MITRE's Insider Threat Framework, she advocates for an approach that is both action-oriented and strategically scalable.
"My motto for the team is: 'think big, start small, move fast,'" said Caputo. "We're intentionally chopping the problem into pieces; you're not going to solve insider threats all at once."
Caputo also highlighted the value of applying behavioral science to insider threat detection, especially the challenge of bringing psychological insights into practical, real-world security settings.
"We can learn a lot from how behavior changes with intention. We also know certain attitudes are linked to higher risk. That's not how security works; you need to observe behavior non-intrusively, often without the subject even knowing," said Caputo. "We need to validate that those observations align with what people would self-report."
She stressed the importance of real-world collaboration in advancing insider threat research, particularly the critical role of partner organizations in enabling ethical, data-driven studies.
"All our research is done with real employees, in real environments, using real systems. That requires organizations that let us engage with employees in legal, ethical ways," said Caputo. "If you're forward-thinking and want to contribute, we welcome partners. Some bring data, some provide employee access, others bring funding. All are valuable."