Every generation has lived in ‘unprecedented times.’ Why is that? The variables are constantly changing. Currently, a few factors can make it even more tumultuous if you are concerned with your business’s security. But it’s not all bad news, and please don’t panic. There are steps and considerations we can all take to protect our financial and intellectual assets.
The past three years have seen a rise in sanctions and political pressures, waves of recessions, and higher employee turnover due to the forces of instability we have all contended with. The attack on the power grid in Moore County, North Carolina, and the leak of information from the Supreme Court show that immediate and impactful information can be in the wrong hands. According to a recent report, insider threats accounted for almost 35% of all unauthorized access threat incidents in Q3 of 2022. You know the danger is real, so what can you do about it? It comes down to your Insider Threat Program (ITP) design.
When you think of ITP design, your first thought, like that of many, might be that it comes down to layers and redundancy, such as two-factor authentication, data loss prevention and other technical stopgaps. The heart of the matter is much more human.
Get support/buy-in from the right C-level member.
A program is only effective if it’s utilized and supported by the company, meaning you need executive leadership on board and actively participating. In my experience, the most crucial indicator of a successful ITP is the level at which the executives are engaged.
The specific title may vary. Your chief operations officer or general counsel are often your best candidates: their broad organizational positioning allows them and your ITP to receive the support needed to be effective.
Recognize a potential threat, and make a change.
70% of all insider threat cases relate to some financial motive. Understanding the different financial and compensation structures that impact different teams is an excellent place to start. At big banks, traders have different financial incentives than most other employees. The same can be said of many business development executives in many corporations. Recognizing that these disparities in incentive structures may increase risk, and taking action to decrease the likelihood of threats, makes sense.
Where most ITPs miss the mark – not understanding the culture.
In my experience, 90% of the time I’ve analyzed organizations, corporate and team culture is never mentioned in recognizing and addressing insider threat issues. Organizations are complex, and the factors contributing to corporate culture – the shared attitudes, values, goals, and practices – are also complex and intertwined. An effective ITP incorporates a review of organizational practices that may increase the potential risk of insider threats.
Such reviews may discover policies that inadvertently benefit one employee group over another, thereby increasing workgroup tension, such as the financial incentive programs mentioned earlier. Another example may be circumstances where one set of employees has unrecognized extraordinary access to corporate trade secrets or sensitive intellectual property.
A successful approach means realigned focus with intent.
Effective ITPs are led from the top of the organization and focus on the employees. Technology is vital to identifying potential risks and understanding the context within which employees work. You may not think your company is a prime candidate for an insider threat incident. I would tell you and your shareholders that any company can suffer a catastrophic loss from an insider incident. I have seen the impact a single insider incident can have on sophisticated pharma and technology companies, manufacturers of goods, and commercial construction firms. The risks are significant; not taking the time to be deliberate in thinking through the risks and developing your ITP is a risk in itself, one where you might remain unaware of the risks you face.
Business is business. But business is also a micro-society with many stakeholders in your charge. Take it seriously.
Written by: Dale Killinger