Across our series of four webinars covering the topic of insider threat, some key themes have repeatedly been raised by the experts who have shared their thoughts. Featuring highly experienced professionals in the industry, including Douglas Thomas of Lockheed Martin, Charles Margiotta of the National Insider Threat Task Force (NITTF), and Sue Steinke of Perspecta, the webinars have given us broad perspectives that nonetheless touch on several similar points and interconnected advice. In this post, we cover some of the top themes that have been raised regarding what organizations should be doing to manage insider threat.
Communication, Trust and the Human Factor
Several of our security experts brought up the importance of human factors and of fostering communication and trust as a way to mitigate insider threat. Their advice includes forming a strong working relationship between human resources and security and creating governance structures that balance employee privacy with human factor reporting. Communication and trust with employees were also emphasized. Transparency, trust, and strong communication with employees are essential to make insider threat programs work.
We are nothing without our employees. And so making sure that they have the tools and resources available to them [...] these are all things that we've all kind of come together as an organization to work on – Wailohia Woolsey
The Interdisciplinary Approach to Insider Threat
The need for an interdisciplinary approach to working against insider threats was also a frequent theme in our webinars. Viewing insider threat as merely an IT problem or security issue will leave gaps in any approach to navigating insider threat. This links to the need for communication, requiring cooperation and coordination from all departments. Everyone must be involved with the strategy for dealing with insider threat, from leadership to cyber, security, human resources, legal, communications, and other departments.
You always have to look at the tech side and you have to look at the human side and stay nimble – Sue Steinke
Organized, Comprehensive Strategy
Organization is crucial when it comes to managing insider threat, no matter the size of the company. There needs to be centralized commitment and leadership with an organized approach that reaches across all departments. Organizational, human, and technological factors must be combined to tackle the issue of insider threat from all angles. A robust and well-organized approach to insider threat ensures there is complete oversight and governance.
The long pole in the tent is senior leadership buy-in – Doug Thomas
Uncertainty and Flexibility
This year has created a lot of uncertainty due to the COVID-19 pandemic. This has emphasized, for our experts, the need to be flexible in the face of uncertainty. With unpredictability still facing many industries in 2021, it is essential to be able to adjust to whatever may happen. The uncertainty is not only felt by organizations themselves but also by their employees, which makes the human factor even more important. Both organizations and their employees have to navigate uncertainty and make changes to adapt.
Being prepared, one way or the other, whether we're going to have a more remote workforce, or whether people are coming back in the office – Mike Oehler
Prevention, Not Reaction
It's always important to focus on preventative strategy when managing insider threat. By the time an organization is reacting to a known or emerging risk, it could already be too late to prevent damage from occurring. Taking preventative measures should always be a priority, and getting employees involved in an organization's insider threat program is the key to building a robust strategy for prevention.
Create a strong insider threat program with the key themes from our insider threat seminars.