Insider threat programs started with counter-espionage cases in the government. Today, insider threat programs have become a more common practice in all industries, as companies understand the risks associated with not having one. To build a program, you must first understand what an insider threat is.

An insider threat is an employee, contractor, visitor or other insider who has been granted physical or logical access to a company and who can cause extensive damage. Damage ranges from emotional or physical injury to personnel, through financial and reputational loss, to data loss or manipulation and destruction of assets.

Financial and confidential information

Most threats are derived from the accidental insider. For example, it’s the person who is working on a competitive sales pitch on an airplane and is plugging in financial and confidential information. They are working hard, yet their company’s information is exposed to everyone around them. Another type of insider, the compromised insider, is the person who accidentally downloaded malware when clicking on a fake, urgent email, exposing their information.

Malicious insiders cause the greatest concerns. These are the rogue employees who may feel threatened. They may turn violent or take action to damage the company. Or you have the criminal actor employees who are truly malicious and have been hired or bribed by another company to gather intel. Their goal is to gather data and assets to cause damage for a specific purpose. While malicious insiders only make up 22% of the threats, they have the most impact on an organization. They can cause brand and financial damage, along with physical and mental damage.

Insider threat program

Once you determine you need an insider threat program, you need to build a business case and support it with requirements. Depending on your industry, you can start with regulatory requirements such as HIPAA, NERC CIP, PCI, etc. Talk to your regulator and get their input.

Next, get a top-to-bottom risk assessment to learn your organization’s risks. A risk assessment will help you prioritize your risks and provide recommendations about what you need to include in your program.

Begin by meeting with senior leadership, including your CEO, to discuss expectations. Creating an insider threat program will change the company culture, and the CEO must understand the gravity of his/her decision before moving forward. Everyone needs to be on board, understand the intricacies of enacting a program and support it before it’s implemented.

Determining the level of monitoring

The size and complexity of your company will determine the type of program needed. One size does not fit all. It will determine what technologies are required and how many personnel are needed to execute the program. The company must determine what level of monitoring is needed to meet its goals.

After the leadership team decides, form a steering committee that includes someone from legal, HR and IT. Other departments can join as necessary. This team sets up the structure, lays out the plan, determines the budget and what type of technologies are needed. For small companies, the best value is education. Educate your employees about the program, build the culture and promote awareness. Teach employees about the behaviors you are looking for and how to report them.

Behavioral analysis software

The steering committee will need to decide what is out of scope. Every company is different and you need to determine what will gain employee support. The tools put in place cannot monitor employee productivity (web surfing). That is out of scope and will disrupt the company culture.

What technology does your organization need to detect insider threats? Organizations need software solutions that monitor, aggregate and analyze data to identify potential threats. Behavioral analysis software looks at patterns of behavior and identifies anomalies. Use business intelligence/data analytics solutions to solve this challenge. This solution learns the normal behavior of people and notifies security staff when behavior changes. This is done by setting a risk score. Once the score crosses a determined threshold, an alert is triggered.

Case and incident management tools

Predictive analytics technology reviews behaviors and identifies sensitive areas of companies (pharmacies, server rooms) or files (HR, finance, development). If it sees anomalous behavior, it can predict behaviours. It can determine if someone is going to take data. It helps companies take steps to get ahead of bad behavior.
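
The baseline-and-threshold scoring described above, weighted toward the sensitive areas and files just mentioned, can be sketched as follows. This is an added example, not code from the article or from any vendor product; the users, resource names, weights, threshold and sample counts are all constructed assumptions.

```python
from statistics import mean, pstdev

# Constructed sample data: daily access counts per user and resource over a
# baseline window, followed by the single day being evaluated.
BASELINE = {
    "alice": {"hr_files": [2, 3, 2, 4, 3], "server_room": [0, 0, 1, 0, 0]},
    "bob":   {"hr_files": [0, 0, 0, 0, 0], "server_room": [1, 1, 2, 1, 1]},
}
TODAY = {
    "alice": {"hr_files": 3, "server_room": 0, "web_browsing": 90},
    "bob":   {"hr_files": 14, "server_room": 1, "web_browsing": 200},
}

# Assumed policy values a steering committee would set.
SENSITIVITY = {"hr_files": 3.0, "server_room": 2.0}  # weight per sensitive asset
OUT_OF_SCOPE = {"web_browsing"}                      # productivity data is never scored
ALERT_THRESHOLD = 10.0

def deviation(history, observed):
    """Standard deviations above the user's own normal; drops below normal count as 0."""
    sigma = max(pstdev(history), 1.0)  # floor so a flat history cannot divide by zero
    return max(0.0, (observed - mean(history)) / sigma)

def contributions(user):
    """Per-resource share of the score, kept so an analyst sees the context."""
    parts = {}
    for resource, observed in TODAY[user].items():
        if resource in OUT_OF_SCOPE:
            continue
        history = BASELINE[user].get(resource, [0])
        weight = SENSITIVITY.get(resource, 1.0)
        parts[resource] = round(weight * deviation(history, observed), 2)
    return parts

def risk_score(user):
    """Sum of weighted deviations across in-scope resources."""
    return round(sum(contributions(user).values()), 2)

def alerts(threshold=ALERT_THRESHOLD):
    """Users whose score has crossed the threshold, for review by security staff."""
    return sorted(u for u in TODAY if risk_score(u) >= threshold)

if __name__ == "__main__":
    for user in TODAY:
        print(user, risk_score(user), contributions(user))
    print("alert:", alerts())
```

Each user is compared only with their own history, so a role that routinely opens HR files does not alert for doing so, while a first-time burst of access does.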

User sentiment detection software can work in real time. If an employee sends hostile emails, they are picked up and an alert is triggered. The SOC and HR are notified and security is dispatched. Depending on how a company has this process set up, it could potentially save lives. Now that your organization has all this data, how do you pull it together? Case and incident management tools can pool data points and create threat dashboards.

Cyber detection system with access control

An integrated security system is recommended to be successful. It will eliminate bubbles and share data to see real-time patterns. If HR, security and compliance departments are doing investigations, they can consolidate systems into the same tool to have better data aggregation. Companies can link their IT/cyber detection system with access control. Deploying a true, integrated, open system provides a better insider threat program.

Big companies should invest in trained counterintelligence investigators to operate the program. They can help identify the sensitive areas, identify the people who have the most access to them or who are in a position to do the greatest amount of harm to the company, and decide who to put mitigation plans around to protect them. They also run the investigations.

Potential risky behavior

You need to detect which individuals are interacting with information systems that pose the greatest potential risk. You need to rapidly and thoroughly understand the user’s potential risky behavior and the context around it. Context is important. You need to decide what to investigate and make it clear to employees. Otherwise you will create a negative culture at your company.

Develop a security-aware culture. Involve the crowd. Get an app so if someone sees something they can say something. IT should not run the insider threat program. IT is the most privileged department in an organization. If something goes wrong with an IT person, they have the most ability to do harm and cover their tracks. They need to be an important partner, but don’t let them have ownership and don’t let their administrators have access.

Educating your employees and creating a positive culture around an insider threat program takes time and patience. Using the right technology along with thorough processes will result in a successful program. It’s okay to start small and build.

Author profile

Dan Bissmeyer Business Development Manager, AMAG Technology, Inc.
