Does yours consider human factors and insider threats!

Many companies have taken precautions against cyber-attacks. They range from technology solutions to the use of an outsourced or in-house security operations center (SOC).   An SOC is defined asa centralized function within an organization employing people, processes, and technology to continuously monitor and improve an organization’s security posture while preventing, detecting, analyzing, and responding to cyber security incidents.   Cyber is defined as relating to or characteristic of the culture of computers, information technology, virtual reality, and artificial intelligence. 

A Critical Component Is Missing

The “human factor” has been utilized by governments, competitors, and political influencers since the beginning of time.  With today’s technology advancing at light speed, leaders sometimes forget that the human factor must be a part of any complete cyber security approach.

Most companies have physical security that they feel handle the human factor in their security approach.  This is antiquated thinking… it is not looking at information as the real prize!  You may prevent equipment, product, and documents from being taken.

Human Factors & Threats

Insider threats are responsible for fraud, competitive espionage, misusing corporate resources and even workplace violence.  Threats are not always based on malicious intent, it can just be simple negligence, complacency, carelessness, or good intentions.  Most monitoring technology and SOC’s are based on identifying attacks on technology; some are utilizing AI and user activity monitoring (UAM).  Storing backups off-site, using cloud hosted applications, and the destruction of documents are all good precautions, but companies feel that everyday behavior cannot be monitored (i.e., potential civil liberties issues) and must trust that their culture of employee compliance with policy is enough.

There is a synergy between people, process, and technology that results in altered employee stress and how this new intensity and expectations on operations will affect the employees of not just those directly affected by the change, but by those employees that are interconnected to the department that is implementing the change.  With any change, there is a potential insider threat to the integrity of the security of the information as well as a company’s infrastructure.

No matter what the industry or level of employee, there will be an impact on process and cognitive actions.  Some people will excel at the change in routine; however, others will be unhappy, and/or look at the change, and circumvent security policies in order to make the changes fit their comfort zone.  There are still others that will look at the change as an opportunity to commit fraud or even worse, commit corporate sabotage or espionage.

Think Outside the Box!

As a way to prevent threats and identify strengths, weaknesses and potential cyber threats to their critical infrastructure, companies conduct exercises, do assessments and employ the use of an SOC.  Many companies are beginning to integrate their cyber security efforts with emergency management and physical security programs.

Thinking outside the box with cyber security means adding the human factor to the definition of cyber security.  It means looking at data points like:

• Are departments and/or employees using as much paper after a digital document architecture has been implemented?
• Are there departments (many times with the blessing of their leadership) going outside the approved procurement processes?
• Is a department experiencing excessive sick time or turnover?
• Are there unexplained variations in the amount of secure document destruction being done?
• Does your ITAM program include the validation of qualification and listing in a QPL, QML, or QBL, so that products are obtained from manufacturers or distributors, examined and tested for compliance with specification requirements, or manufacturers or potential offerors, are provided an opportunity to demonstrate their abilities to meet the standards specified for qualification?
• Are your records management policies updated to include the digital versions as well as the paper versions?
• Is there any growth in the amount of local storage a department or employee is requiring?
• Have you adapted your monitoring to keep pace with the distributed employee movement?
• Is your cyber team made up of all cyber techies, or does it include functional experts?
• Do you have a way to apply what you learn… and continuously inspect what you expect?
• During your exercises, are you observing and documenting human factors, effectiveness of policy training, management commitment to policy and procedure, etc.?

If you are not sure about how any of the above affect your cyber security readiness, let’s have a discussion!