Best Mitigation Practices
Some employees will be unhappy if they believe they are under constant scrutiny, whereas others may find this a relief. Given that perceptions and expectations vary from office to office, from department to department and across organisations, the following countermeasures can be employed:
Providing specific training in detecting manipulative attempts to all client-facing employees
Warning all staff to be alert to anyone asking for sensitive or restricted information
Being alert to all unknown enquirers who try to extract information in a rush, stress their authority or refuse to give contact details
Spreading awareness about individuals who are excessively negative about the organisation or their work
Establishing a formal grievance procedure for staff to vent their feelings
Setting up a secure and confidential system for staff to report abnormal behaviour
We cannot guarantee ultimate security, but we can guard against these risks. It is important to continue our development with a strong understanding of insider risks. A key priority is to focus on insiders within security risk assessments and compliance regimes.
Reference: BT Security, UK (Human factors in information security)
Recent advances in technology have brought many benefits and changes to our society. We are able to rely on automation, such as x-ray machines, metal detectors and even vending machines, for tasks that would otherwise require much time and effort.
Automated technology has spread its tentacles into every sphere of society. Technological leaps in medicine have led to an increase in average life expectancy, while advances in military and research have proven to be extremely beneficial. Advances in artificial intelligence are also making headlines, such as Cleverbot, a chat-bot modelled on human behaviour and able to hold a conversation.
Thus, as automated technology becomes more intelligent, it is being placed in situations where it provides a basis for human decision-making.
Such is the case with organisational security. Creating technologically robust automated risk mitigation platforms is the backbone of a company. Whether it is about protecting data at its source or default encryption, implementing an automated data security platform has always been paramount. These risk management regimes can effectively counter authorised and unauthorised access attempts.
Automated security saves labour and increases staff productivity; moreover, it improves the quality, accuracy and precision of security processes by reducing the probability of man-made errors. It also generates data and trends for security-related decision-making.
However, would it be right to say that automated technological platforms are entirely secure? No, humans have the innate prowess to outdo any technological measure. After all, measures are developed by humans themselves, and insiders know how to achieve the greatest impact while leaving little evidence. Thus, security controls, whether physical or technological, need to be adaptable and efficient in a variety of environments, and must be developed, implemented and maintained with people’s behaviour in mind.
With the ever-evolving nature of global corporations, insider risks should be examined across technical, social, business and cultural factors.
Over-reliance on technology without considering other factors can have catastrophic results. It is imperative to focus on human factors, education and security awareness. With appropriate motivation and time, humans can find their way around most technical controls; therefore, significant investment in human factors is required to balance against technological investments. Employees and third parties will always be a part of organisations; it is critical to strike a balance between the privileges needed to perform job duties and the implementation of appropriate control and audit levels.
Certain human behaviours that point to a potential insider threat are:
Regularly working unusual hours when there is negligible monitoring on the office premises.
Unusual computer use, i.e. lowering the laptop screen when anyone is in proximity.
Inappropriate use of social media – for publicising an unreleased product/service or bad-mouthing the company.
Vague answers to pointed questions – never detailing their daily work.
Discontent with supervisors.
Disloyalty to the company.
Making personal issues public.
Unexplained disposable spending.
Accessing restricted areas.