Businesses face a multitude of security threats—from leaks to targeted attacks—that can compromise closely guarded information and day-to-day operations.
Often, the threat comes from within the organization—from individuals with knowledge that would allow them to exploit the company’s security, systems, products or facilities. And, whether the act is a white-collar offense, sabotage or violence against personnel, the effects can be devastating to a company’s operations and financial stability.
The good news? Risks can be minimized by developing a strategic planning framework that addresses threats from insiders. Organizations can address this threat by focusing on improving personnel security, information security, counterintelligence, and training and awareness.
To minimize risk, the process begins with a current-state analysis. This is an inventory of existing programs, practices and initiatives that address the insider threat. Once the analysis is complete, organizations can identify focus areas and develop strategic objectives.
Three strategies can work together to help organizations evaluate and address threats from within: deter, detect and neutralize.
Deterrence helps prevent insider threats to critical information, personnel and facilities. This is accomplished by focusing on personnel security and suitability screening, awareness and training, continuous evaluation and information sharing. Organizations should inform employees that a detailed security plan is in place to protect the company. Additionally, organizations should remain vigilant and identify employees who pose potential threats, and then communicate between departments about those potential threats.
Detection is the process by which organizations identify insider threat activity and safeguard their resources. Focus areas include counterintelligence, managing the risks associated with information and data transmission, and security auditing and monitoring. This strategy works to protect an organization’s resources from threats and actively seeks to identify suspicious activity.
Finally, neutralization is the means by which organizations respond to hostile insiders, as well as additional threats and vulnerabilities. This is achieved through surveillance and monitoring, the use of informants and employing preventive measures. When threats are detected, organizations must investigate the source in order to bring an end to the current situation and take steps to prevent similar attacks or breaches from occurring again.
The specific vulnerabilities and risks vary with each organization. That is why it is important to develop an overall framework to address insider threats once a company’s strategic objectives and focus areas are mapped out.
Big Sky Associates recently helped the U.S. Army’s Deputy Chief of Staff for Intelligence develop a strategic planning framework in the wake of the Fort Hood shootings and WikiLeaks debacle—two cases in which an insider caused considerable harm to the organization. After an inventory of ongoing work and the steps in place to mitigate insider threats, Big Sky developed a concept for the Army using the deter, detect and neutralize model. The framework included the final step of effecting change once the first three were completed.
The Army established objectives for each initiative, beginning with enhancing its deterrence procedures by improving personnel security, information sharing, and education and training. To better detect threats, the Army turned to the use of leading technologies, which allowed the organization to manage information faster and more effectively.
To neutralize and exploit threats, the Army relied on its existing security programs while actively working to identify new methods and techniques. And with the final goal, effect change, the Army partnered with internal and external stakeholders to implement the vision of the strategic planning framework and improve the effectiveness of the new security program.
Big Sky also helped the Army create a database to track funding across each of the initiatives within the scope of the security project. The company also developed risk scenarios and recommended courses of action, as well as a portfolio management methodology to help the Army measure the effectiveness of the new initiatives against the status quo.
Today, the Army’s intelligence operation has a strategic planning framework in place to address insider threats, and the processes are being shared across the Department of Defense as a potential leading practice to be adopted by other groups.
The objectives developed for the Army can serve as a guide for commercial organizations to address their own security concerns and reduce the risk of insider threats.
John Dillard is president and co-founder of Big Sky Associates, a management consulting firm. Prior to Big Sky, Dillard was an intelligence officer with the U.S. Navy and a lieutenant with the U.S. Navy Reserve, where he is currently listed as inactive reserve.