Managing the Insider Threat with Defensive Strategies
The bad guys are always changing it up, and that’s why GSX 2021 features a Defensive Strategies Learning Theater. The objective of the theater is to keep security professionals one step ahead of anyone looking to do harm to the people or assets that need protecting.
On Monday, that meant a heavy dose of looking at how the insider threat has evolved—a theme that carries through to Tuesday and Wednesday. All sessions from the Defensive Strategies Theater are livestreamed each day beginning at 10 a.m. ET, and archives will be available after the event.
In “COVID-19 Reshaped the Insider Threat Problem: Have You Reshaped Your Solutions?” Session on Monday, Michael Gips, principal, Global Insights in Professional Security examined the toll the COVID-19 pandemic has taken on organizations and their employees.
As has been well-documented (see this infographic and article from Security Management), mental health has become a crisis, and as Gips noted, workers struggling with stress and mental health issues are more compromised and less conscientious to details. In fact, overall, organizations can expect the cultures of security awareness they’ve worked to build to be diminished.
“I talk to people all the time who say when they talk to their staffs that no one remembers basic protocols anymore,” Gips said. “They don’t know what to do if they suspect fraud or if they think someone may need counseling or they themselves may need it. Basic processes have taken a hit.”
All of this has “created a perfect storm” that magnifies the insider threat. The tools for mitigating the insider threat, however, are not new. Security professionals need to double down on the tactics and techniques already in use. The threat should be brought before the organization’s leaders who must buy-in to monitoring and mitigating tactics.
First and foremost, putting in place—or reestablishing—the need for people to be aware and report suspicions. Human indicators are the early intervention that can stop minor issues before they become major problems. By the time people are relying on technical indicators—such as fraud anomaly detection—damage is usually already occurring.
A later session, “Political Extremism and Insider Threat Early Warning,” examined insider threats through the lens of extremism. In the session, a panel discussed legal issues, free speech rights, privacy, employee morale, and culture, among other aspects. The unique challenges extremism presents security working to mitigate insider threats were presented in a recent Security Management article.
“While diversity can strengthen an organization, strong or extreme beliefs in the workplace can be a two-edged sword,” wrote Steven Crimando. “An employee’s passion for a belief or cause might manifest itself as a real commitment to their employer or a project, but it can also create friction, erode workforce cohesion, and consume valuable resources when dealing with conflict.”
In the session, the panel presented signs that show the advance—and danger—of extremism in society. In a pre-session interview, Torchstone Global’s Scott Stewart said, “the difference today is the proliferation of social media and the critical role it plays in spreading extremist ideologies. This gives these ideologies a wider reach than before. For example, QAnon has spread to dozens of countries. Social media has allowed extremists to become their own mass media.”
The best antidote, he said, is building a security awareness culture.
“Countering the threat of violent extremist insiders is not just the responsibility of the police or corporate security. It is a community responsibility,” Stewart said. “And every person in your organization plays a critical role in keeping your company and the larger community safe from the threats posed by extremist insiders.”
For more on insider threats in the Defensive Strategies Theater, see these upcoming sessions:
- 10:00 a.m. to 11:00 a.m.: "Insider Risk Management for Security Executives: How to Tackle Your Organization’s Biggest Threat"
- 11:30 a.m. to 12:30 p.m.: "Confessions of a CIA Spy: The Art of Human Hacking"
- 11:30 a.m. to 12:30 p.m.: "Insider Threat: Crossapplying U.S. Government Strategies to the Private Sector"
Scott Briscoe is the content development director for ASIS International and a contributor to Security Management, the parent publication of The GSX Daily.