A Cyber Resilient Culture is the Key to Your Insider Threat Program


Having just attended the insiderthreat Summit last month, I was surprised at how much focus was on identifying behavioral characteristics of malicious insider threats.  Don’t get me wrong, proactively identifying malicious insiders is a critical part of an Insider Threat Program, but I believe that you also must consider the inadvertent actors: end users who are careless or who are unaware of, or not adhering to, policy.  I’ve read that up to 66 percent of cyber security incidents are caused by inadvertent actors.  If this is true, then we can significantly decrease our risk through shaping the behavior of our employees towards security awareness.

How do we reduce our risk of a cyber security incident due to end user error or carelessness?  Through development of a cyber resilient culture.  You cannot implement this type of change by providing an annual training class and test.  You have to take a holistic look at the areas of risk and the categories of the people that you have working for you.  A renewed focus on inadvertent actors actually will complement your programs targeting malicious insiders and will increase the likelihood that your employees will be your biggest assets in recognizing cyber security threats.

A risk assessment will help you to focus most of your effort where you have most of your risk.  What information do you have?  Who has access?  What would happen if cybercriminals got their hands on it?  What is the potential consequence?  Consequence can be direct monetary loss or it could be future loss due to damaged reputation.

Identifying the categories of people with access to your systems will help you to tailor your plan appropriately.  You wouldn’t take the same approach to shaping the security behavior of a software developer as you would for an executive.  You may also need to consider generational differences to tailor your approach so that it is most effective.

The end goal is to shape everyone’s behavior so that security is something that they consider 24×7, whether they are at home surfing the net or reading email in the office.  At Expressworks we have helped many companies implement behaviors that reduce enterprise risk (security, safety, reporting, etc.).  There are many innovative techniques that we use to keep security fresh in everyone’s minds.  We’ve seen great success in the implementation of gamification, penetration testing and just-in-time training and communications, just to name a few.

In summary, I recommend that you don’t overlook the importance of developing or reinvigorating a culture of cyber resilience within your organization when developing an Insider Threat Program.  Your inadvertent actors may turn into your greatest asset for protecting your digital assets from malicious insiders as well as external threats.

April 6th, 2016 | Cyber Security, IT Strategy & Implementation

About the Author:

Samantha Leach
Samantha Leach is a senior change consultant with Expressworks International LLC. She brings over 20 years of experience in building and leading international high-tech programs through mission-critical stages. Samantha is passionate about balancing people, process and technology in order to ensure a successful program. Samantha started her career working for the National Science Foundation followed by several years leading large-scale technology projects at Wright-Patterson Air Force Base. Since then she has focused on leading global technology programs with a focus on information technology and corporate security. In addition to her work in technology and process efficiency, Samantha has spent a significant amount of time architecting behavioral elements into these programs, ensuring a balanced approach and successful adoption. Samantha obtained a B.S. in Electrical Engineering and Computer Science from The George Washington University and an M.B.A. degree from the University of San Francisco. Always adding to her toolkit, Samantha also has certificates in Six Sigma, Lean Sigma, Agile and Gamification.