In September, during the Insider Threat Awareness Month, we saw many distinguished leaders in the field deliver key presentations. As a kickoff for the month, our CEO Elsine van Os delivered a short blog post focusing on the earliest prevention of insider threat in the workplace. What more have we learned about this particular topic? We have summarised some key lessons and thoughts from the SBS Summit presentations for you here.
By Sophie Sakmann and Elsine van Os
Kick Off the Summit – Mr Robert Rohrer
- The workforce is not a threat: As we become more specialised and better in threat management, we must remind ourselves that the workforce is not a threat. It is an opportunity! We have to build trust, a sense of organisational citizenship and train the workforce in detecting suspicious and adversary behaviour.
- First and last line of defence: By increasing awareness and providing the workforce with tools, they become a crowdsource for threat information. Utilising the workforce as part of the solution highlights them as the first and last line of defence, thereby maintaining security even in the upcoming work-from-home culture.
Defining Cognitive Immunity – Mr Mark Frauenfelder
In an ever-changing world, our cognition is constantly under attack by structural manipulation, dirty tricks, false information, and bots. By creating false narratives that play towards our fears and biases, we become even more vulnerable to these attacks. Whether we are aware of them or not.
There are, however, ways to boost our resilience – our cognitive immunity – to these attacks. For that, we need a multi-level approach that goes beyond simply upgrading technology. We have to:
- look at data as a public good to change the way organisations operate and remove motives for manipulation
- establish independent oversight bodies for private platforms
- incentivise capital flows to support public and pro-social platforms
- invest in media literacy to improve critical thinking skills
- bring politicians and technology experts to the table
Defining Inoculation Theory – Dr Kurt Braddock
Inoculation is a method of counteracting persuasion through extremist propaganda. It consists of two elements:
- a forewarning of the threat that the current beliefs will be challenged by propaganda.
- a preemptive refutation which provides the target with the tools, motivation and arguments to challenge and resist extremist narratives.
This approach has been successful in many areas such as health, politics, relationship and business communication. Thus, training should be provided at the time of recruitment.
Should Creating and Maintaining Healthy Work Cultures Matter in the Insider Threat/Risk Community? – Dr Liza Briggs & Ms Laurel McKenzie
Although there is no causal link indicating that maintaining a healthy work culture benefits the counter-threat/ risk community, it can act as a protective factor. Dr Briggs and Ms McKenzie claim that it can reduce the risk of unproductive and disruptive behaviour. However, what makes a work culture healthy is subjective to each organisation. Carnegie Mellon University (CMU) also emphasises that:
“A well-balanced insider risk program can become an advocate for employee wellbeing and a means for a more productive, engaged, connected and committed workforce.”
Supervisor Behaviour and the Insider Threat – Broadening the Aperture – Dr John Landers & Dr Leesa Duckworth
The behaviour of supervisors can have significant effects on an employee’s cognitive immunity. Proactive supervision can foster a healthy work environment that cultivates organisational citizenship and the rejection of misinformation. In many organisations, mentorship and training are seen in terms of an employee’s current position. This can result in feelings of deprivation when they see colleagues advancing in their careers. However, some interventions can be used:
- cognitive intervention: gives an individual a framework to reorient and revise his way of thinking and cultural behaviour
- behavioural intervention: helps change an individual’s mindset and build confidence while also changing the mindset of others around him
- collaborative intervention: gives an individual the tool to voice and work on his needs together with a facilitator and to create a roadmap for future action
Organisational Justice Training as a Positive Deterrence to Insider Threat – Dr Chloe Wilson
Perceived fairness in an organisation plays an integral part in whether or not someone will commit a hostile act. Organisational justice can be divided into:
- distribution,
- procedural,
- interpersonal and
- informational justice.
During the epidemic, for instance, there was a greater sense of injustice surrounding disparities in the implementation of safety regulations, flexible work schedules, and telework laws.
The perception of justice can lead to increased feelings of inclusion, trust in management, and a decrease in counterproductive behaviour and employee turnover etc. Thus, it is vital to train supervisors to become aware of signs, the impact they can have on their team and strategies to create a just workplace.
Waging A War Against Words: The Role of Organisational Culture in Combatting Misinformation – Dr Nicole Alford
As we encourage individuals to bring their whole selves to work we have to accept that they will bring some baggage with them. They will bring misinformation, disinformation and facts that are unverified. If organisations are not prepared for this it can create an atmosphere of mistrust, anxiety and conflict. To mitigate these challenges we need a variety of complementary focus areas:
- leaders that are courageous,
- communication practices that are factual and transparent,
- flexibility to change directions as new information becomes available,
- emphasis on social capital and
- culture of learning.
Psychology of Conspiracy Theories – Dr Lindsay Braden & Dr Phillip Atkinson
Conspiracy theories have become more common in our increasingly uncertain world. They emerge from the need for control, safety and a sense of belonging. Thus, it is no surprise that conspiracy theories also arise in an organisational context. However, three factors can mitigate these challenges.
- make employees feel heard and understood as directly disputing conspiracy theories will lead to resistance and reinforce beliefs
- provide opportunities for development as employees who focus on promotions and have a sense of control are less likely to believe in conspiracy theories
- offer training to practice critical thinking skills that equip employees to question conspiratorial narratives to make them less vulnerable.
The above sessions were highlighted as they had a good focus on the prevention of insider threats and risks. Now, some of the implementations of these insights and lessons do not rest with security or insider risk teams directly. They could sit with HR, leadership or line management or actually all employees on the work-floor. It is the duty of insider risk teams to ensure that insider risk management is:
- approached holistically- from prevent, detect, respond to recover. Do you have a mandate to integrate prevention into your program and what does this mean for your cooperation between departments?
- managed professionally in each stage of the process with a strong understanding of your own biases especially in case management and investigations
- up to date with societal developments (the outside-in perspective). Keep your insider risk assessments up to date in order for you to stay ahead of the threat!
At Signpost Six, we are committed to helping organisations mitigate insider risk. Want to know more? Reach us at info@signpostsix.com or check https://www.signpostsix.com/consultancy/. Are you eager to learn what insider risk is? Check out https://www.signpostsix.com/academy/. Contact us now and further secure your workplace