The term “insider threat” sounds very ominous, but any time you trust an individual or another organisation with access to information they can be considered as a potential “insider threat” – whether intentional or not. In some cases, these can be former or even current staff and if they share access data the disruptions and cost can cause an incredible volume of damage.
Global data breaches are increasing at alarming rates and the NITTF (National Insider Threat Task Force) has reported the increase across all sectors. The results of these breaches can include disruption of productivity, theft of intellectual property, sensitive data leaks, and loss of proprietary information. Managers are taking this topic seriously and are instituting proactive actions to assist in circumventing before a problem starts.
Insider threats cover a gamut of topics, from breaches to workplace violence. The financial price that is associated with insider threats can run into the millions and be enough to destroy a company. Managers of businesses of all sizes are instituting “Threat Mitigation Programs” that are finely tuned and include the entire organisation. Working with a professional security organisation managers can create customised programs that can be early alerts, saving money, stress, and potentially lives.
A Standard Threat Mitigation Program:
You can view a threat mitigation program as one that expands as both an encouragement and incentive program that offers training and awareness to help to correct behaviour.
Each program should be tailored to the unique needs of the business and include procedures and policies as well as management practices that offer to guide, educate, and bring employee benefits to prevent wrongdoings.
When (or if) any threat is detected such as physical harm, espionage, sabotage, etc. the program will have aggressive enforcement that balances with a company’s culture and mission. Policies should build on the concept of prevention and reporting as a method of well-being and reinstating a positive attitude for the resilence of both staff and company.
There should be a network of identifying, detecting, and reporting that is supportive of the individuals, maintaining confidentiality, protecting civil liberties and presented in a non-threatening manner. This will allow individuals that may be involved in the threat can be offered help and/or stopped before harm can occur.
Methods to create a threat mitigation program for Inside Threats
The best method of creating a Threat Mitigation Program is to work with trained security specialists to:
- Craft the insider threat program specifically for the culture, environment, and unique mission of the organization.
- Construct a prevention and reporting structure that is a foundation of positive statements and establishes the understanding that it’s for the well-being of the individuals and the organization.
- Use multi-disciplinary actions that can be employed by dedicated staff based on their expertise and reinforced by technologies. Technologies that allow risk analysis and risk tolerance to any intentional or unintentional acts that are malicious or are from negligence.
- Create a company-wide transparent framework that offers identification, detection, assessment, management, and prevention of or to protect against insider threats.
- A continued emphasis on a supportive and protective culture within the organization that protects the civil liberties of all and works to assure confidentiality.
- Provide a non-threatening and safe environment where all that may potentially pose a threat are identified and assisted prior to actions causing harm.
“The concept of insider threat is a very real potential for many companies. While no one wants to think of current or past staff as posing a threat, both intentional and non-intentional situations do happen. DaVinci Cybersecuity team members are specialists in helping managers to develop the kind of customised mitigation programs that will assure a sense of ease and transparency for the entire organisation.”
Sharon Knowles, CEO DaVinci Cybersecurity