Insider Threat & Risk Management
The recognition of insider risks in companies and organisations is growing now outside defences are becoming more mature. As technological defences are strengthened, little to no further measures are taken internally, with the consequence of the insider threat increasing and thus becoming imperative to tackle. Signpost Six views insider acts holistically throughout the employee lifecycle (from recruitment to departure or promotion) and against the key themes of people, processes and technology. We focus on the people and processes aspects and work closely with technology partners to achieve all-encompassing solutions.
Data theft or other malicious acts of espionage, fraud or violence don’t just happen spontaneously. It’s a process that takes place over time and entails a common set of factors and similar patterns of individual- and organisational behaviour leading to such acts. Signpost Six calls this “the Critical Path to Derailment” as described by Shaw and Sellers’ in “Application of the Critical—Path Method to Evaluate Insider Risks”. This fortunately implies opportunities for interventions early on, both within the organisation as for the individual.
Baseline risk & threat assessment
The first step towards a solution starts with a baseline assessment of the risk profile of an organisation and risk prevention and mitigation readiness. This is captured in the seven steps of the Signpost Six quick scan. This assessment is the basis for the tailor-made road map facilitating proportionate and risk based improvements within your organisation.
Top-up screening process
Signpost Six offers integrity and personality screening for the recruitment and selection of employees in risk prone positions, either in physically high risk environments or employees in positions dealing with sensitive materials or data.
Signpost Six provides auditing consultancy services to review an organisation’s readiness for preventing, detecting, and responding to harm from insider threats against 19 best practices. This incorporates the employee life cycle set against people, processes and technology aspects.
Critical path e-learning programme
Critical path e-learning programme for employers and employees: Recognising the need for organisations to come with scalable solutions, Signpost Six has designed an e-learning programme focusing on ‘co-worker’ and ‘supervisor’ awareness of behavioural risk signs. This is set within the context of the critical path to derailment, including the required management activities and efforts. The programme will support early recognition of concerning behaviours and therewith the mitigation of the risk of insiders within an organisation.
The ‘critical path to derailment’ is a person- situation interaction. Beyond screening and auditing we support organisations in implementing the right processes and procedures to manage insider risks. This also entails having the right whistleblowing programmes to channel legitimate concerns within organisations.
We provide consultation on insiders committing data breaches, sabotage, workplace violence, and espionage. Signpost Six provides organisational support to identify individuals at risk in an organisation and provides insights into their ‘critical path to derailment’. We support organizations and individuals managing such issues in a sustainable manner. For further information on behavioural threat assessment, please also see the ‘behavioural threat assessment and anonymous threats’ section.
Behavioural Threat Assessment & Anonymous threats
Far too many organisations are unprepared for threats that materialise. In these cases, the impact of such incidents are often much more severe than if they had anticipated the potential materialisation of the key threats. A behavioural threat assessment is an effective instrument to identify, assess, and manage the risk of future, planned malicious acts by individuals or groups of individuals.
This could entail acts of violence, stalking, sabotage, data leaks, espionage or other forms of malicious behaviours. With this approach a structured process is utilised in response to an actual concern, threat, a perceived threat, or alarming behaviour noted by others and aims to prevent further ‘derailment’ by individuals or groups towards the actual malicious act. It also prepares the first responders to such incidents in an effective way.
Signpost Six supports organisations with behavioural threat assessments and implementation of mitigation measures with the following services:
We support individuals and organisations with the threat assessments and management of concerning cases. We assist with assessing the level of concern, patterns of escalation, and provide advice on how to manage the case – whether ourselves on behalf of the client, or through the client’s management team, and if needed in cooperation with other institutions.
Organisational support and implementation
Signpost Six supports organisations with assessing their most relevant threats based on a threat landscape assessments. This then becomes the basis for integrating threat assessment policies, processes and procedures within their (oftentimes existing) structures. Threats from malicious acts are cross cutting and could emerge in any organisation whether it’s a NGO, a public institution or a global corporation. Derailment towards malicious acts doesn’t happen instantly. It’s a process over time. Therefore, prevention remains equally an active process and requires policies and programmes, threat assessment procedures and management support, and a joint understanding of the importance of such processes.
Anonymous Threatening Communications
Anonymous threats are becoming much more prevalent in an online society. Digital channels, in particular social media, have become very easy and anonymous vehicles to target victims online and potentially harm them in person.
Signpost Six supports individuals, groups or organisations with threat assessments of an individual or group; the assessment of what stage of the threat on the scale of derailment; the identification of authorship (Who is the perpetrator?) and the steps that need to be taken to ensure safety for the victim. This involves close cooperation between IT/cyber experts and behavioural scientists.
Cyber Secure Behaviours
The lessons learned from cyber security incidents show that the cyber secure behaviours of employees could have reduced the impact of many of these incidents or even their mere existence. Effective “Cyber Secure Behaviours” programmes, therefore, not only ensure that employees are more aware about the cyber security risks but also change the behaviour of employees.
Behavioural change can be used to mitigate the risks of social engineering by outsiders as well as minimise unintentional insider incidents. For may organisations there is an acute need to ensure employees conduct and improve behaviours to reduce overall cyber security risks that their organisations are facing. The objectives of a programme for cyber secure behaviours should entail the following essential components:
- Create awareness of risk landscape and understanding of required actions
- Facilitate the required changes in attitudes, intentions and behaviours and actual application of the actions
- Ensure that the behavioural changes become routine
- Periodically assess and evaluate the behaviour of employees in relation to cyber security risks of the organisation
The end result: cyber secure behaviours become a habit rather than a goal.
Signpost Six provides consultancy on cyber security awareness campaigns to specifically apply behavioural change theory and models for seamless security habits, practices and procedures.