We don’t like to consider it but whichever way we view it, the fact remains that sometimes people that work alongside us can do harm, to the work we do, the assets we have, the team and business we share and potentially to themselves, our colleagues and ourselves. In addition to catastrophic incidents of violent attacks against people within the workplace, a range of incidents exist which can harm an organisation. This can include the theft of intellectual property, the inadvertent disclosure of trade secrets and leaks about business activities which can result in physical and reputational harm.
Despite the belief that attacks only take place in a cyber domain, a lapse in security mindedness and vigilance by individuals can result in the loss of sensitive information. People may inappropriately share information with others who don’t need to know, may work in environments that are open to others observing their activities or potentially may provide information regarding patterns of life and work to observant and highly trained hostile actors who know what to look for. This can subsequently be used to harm our people, assets and reputation.
The COVID-19 pandemic and the stress attached to the resulting financial insecurity, mental and physical health complications, have potentially exasperated this situation. Despite reports of improved levels of employee well-being resulting from the increased opportunities to work from home, there are undoubtably difficulties attached to maintaining engagement and motivation levels within a workforce, located remotely across the world. This environment may require the adoption of an array of personnel security controls designed to proactively monitor user behaviours, in addition to the adoption of new team engagement and interaction methods on the part of managers.
The increase in disengaged, disenfranchised and disgruntled employees who were once highly motivated and productive individuals, can increase the risk of underperformance, the growth of discontent within other areas of the business and crucially increase levels of IP theft and information leaks. Although leaks have always taken place, recent examples have demonstrated a need for us to consider the adoption of a change in our strategy to managing insider threats. While this area of security has traditionally categorised insiders into groups of infiltrators, exploited individuals, malicious actors as well as those who are responsible for inadvertent damage and loss caused by mistakes or a lack of professional awareness, there has been a paradigm shift in this area in recent years.
Recognising that a number of precursors of behaviour may exist and therefore may provide preventative opportunities to mitigate this threat, we can work with your organisation to design proactive detection and management systems which help to identify and prevent incidents from taking place. This approach manages insider threats in a proactive manner that utilises collaboration between human resources, wellness, behavioural, legal and security teams. This team effort will help to mitigate security threats that come from malicious actors but additionally will provide opportunities for organisations to care for employees whose personal state of distress may be leading to the adoption of inappropriate behaviours. Such partners may just need some support to get back on track.
The effective mitigation of the human threat factor requires for organisations to determine what is a normal baseline for an individual, so as to enable the early identification of deviations. This requires for and supports the ongoing growth of a competent Security Culture, within which partners support each other and encourage appropriate security behaviours and increased levels of vigilance. The development of this requires support from organisational leadership for the ongoing design and delivery of a Security Culture program, designed to achieve a range of objectives, including the effective mitigation of insider threats. A Security Culture programme is a proactive approach to improving the security and resilience posture of an organisation through a range of activities, many of which are supportive of the wider wellness of a workforce. By feeling cared for, partners are more likely to care for each other and care for the organisation they belong to. Partners subsequently become more vigilant, aware of the activities around them are more likely to report potentially harmful activities. Crucially the increase in caring for each other can itself act as a deterrent. Hostile actors who observe high levels of care demonstrated by a workforce, within which it is commonly accepted to say hello and to ask how people are, may be less confident in attempting to conduct social engineering attacks or malicious penetrations, for fear of detection.
The effective management of the human threat vector requires for a holistic approach to security. This approach involves the identification and deployment of effective security systems, processes and people. Emerging Risks Global can work with your teams, to help you to develop a competent and vigilant Security Culture, through assessing the state of existing behaviours and attitudes, delivering training designed to encourage behavioural change, reviewing processes to ensure effectiveness and identifying and implementing effective physical security solutions to protect assets and information.
Comments