Page 26 - the SyI Quarterly 13 - (V4)

Our Membership

The three challenges that impede an organisation’s ability to invest in and implement the platforms and security processes needed to address insider risk are:

•  Employees tend to be inherently trusted. As a result, any threats from the organisation’s employees become extremely difficult to anticipate and identify because authorised users already have the credentials and approved access and are unlikely to trigger any alerts if they misuse their privileges.
•  Insider risks may not be at the forefront of security expenditure, as the areas within organisational security that gain the most attention focus on access authentication, asset/endpoint protection, and remote/cloud protection, all of which tend to feature the detection and prevention of external attacks.
•  The volume of data that moves across an organisational network, the ease with which data can be transferred via the internet, and the growing usage of mobile devices, with an exponentially increasing cloud-based transition to support business functions.

While each security threat merits investment, insider risk remains a growing weakness for some organisations, leaving employees, contractors, and third parties open to a pernicious vulnerability.

Summary

Conventional insider risk mitigations inform established vetting and monitoring procedures, including pre-employment screening, financial background checks, probation periods, random audits, stringent access controls, and surveillance technologies to monitor people and their use of equipment.

Current studies into insider risk appear to be divided into separate workstreams.

The first stream focuses on research being conducted by the UK CPNI, the U.K.’s National Cyber Security Centre (NCSC), the U.S. National Threat Assessment Centre, the US DOD’s Personnel Security Research Centre (PERSEREC), and Carnegie Mellon’s Computer Emergency Response Team (CERT). These studies appear to assess and analyse malicious insiders’ physical and online actions both before and during systems and network compromises, i.e., technical.

The second stream, complementary to the first, appears to use risk analysis modelling to assess the impacts of policy decisions, technical security measures and psychological issues, and their effects on organisational culture, against insider risk, i.e., behavioural.

It is accepted that established conventional approaches to reduce insider risk cohesively contribute toward insider risk mitigation. However, if applied in isolation, they may only provide a limited deterrent to an insider operating with a degree of sophistication, determination and training.

Insider risk solutions

Indicators such as unexplained anger, undue secrecy and excessive self-importance introduce the possibility of a range of complex influences and emotions as motivating factors. However, personal behaviours may not immediately raise concerns about insider risk to security management. They may initially manifest as welfare matters or H.R. issues and may not be communicated effectively between departments.

The changing landscape calls for a more proactive approach to help organisations understand the themes, activities and challenges of insider risk to enhance the understanding and detection of such incidents. A team ethos of trust and transparency based on good communications and the positive encouragement of self-monitoring behaviours can be applied in the form of:

Security Culture - Awareness.
Security Systems - Automation.
Insider Risk - Training.

The solutions above aim to improve the detection and deployment of insider risk responses because the author believes that every employee can potentially provide a missing piece of evidence to detect insider risk.

The responses to the author’s insider risk survey are linked HERE: https://security-institute.org/wp-content/uploads/2022/11/02_November_2022_SIG_Insider_Risk_Survey-v.01.docx