Insider Threat Program Development and Training
Build an effective, supportive and employee led Insider Threat programContact us
Insider threat programs work best when they are driven by employees and focus on fostering a supportive but secure culture.
Looking to develop a robust and supportive Insider threat program?
Intentional insider threats can be one of the worst security incidents you can face. They can be hugely embarrassing not to mention damaging owing to the legitimate access an insider possesses.
The need for insider threat programs is being recognised by organisations around the world. They can be difficult to develop and even harder to sell into the organisation. In our experience of developing these programs and training employees the programs that are the most successful are those that have employee assistance programs and support at their heart. Like everything in security a layered approach to insider threat programs is important but so is collaboration with other departments, creating a culture of support and trust and crucially getting employees to not just buy into the program but also drive ideas for development. Insider threat management has to be a team effort.
Insider Threat Workshops
Interactive workshops which use case studies to inform employees and generate actionable ideas on insider threat prevention.
We have developed an effective methodology for developing insider threat maturity for organisations and that has to start with the employees.
Our workshops teach key employees about the 3 types of insider threat attack observed: fraud, theft and sabotage. We work through case studies specific to your industry and attendees work in teams to examine the cases, decide what happened, how it happened and most crucially what could be done to prevent this in the future. We collect the ideas and produce a consumable report at the end that lays out the ideas, concerns and strategies that your employees came up with. These ideas can help drive your program development and give employees a deep understanding of the complexities and sensitivities that exist with insider threat management.
- Workshops usually last between 90 mins and 2 hours.
- Fun and interactive focusing on teamwork
- Report on ideas, strategies and concerns from the employee perspective on the program development
- Employee involvement increases buy in and compliance when the program is launched
Insider Threat Maturity Assessment
Assess your organisation’s insider threat defences against established benchmarks.
Our Insider Threat Maturity Assessment looks at organisation’s ability to prevent, detect and respond to an insider threat incident or attempt.
We use our insider threat maturity framework developed from guidance issued by NIST, US-CERT, UK NCSC and CPNI, INCIBE and other State level organisations to evaluate your current level of maturity against the three types of insider attack. We produce a full report of the assessment along with recommendations for improvement and a more consumable executive summary.
This can be a great starting point for organisations currently at the start of their insider threat program journey but is also useful for those who have a more mature program they are looking to improve.
Insider Threat Program Development
Build an insider threat program that focuses on culture, support and collaboration.
We work collaboratively in partnership with your organisation to build, test and communicate an insider threat program. Every organisation and industry is different and faces different levels of insider risk and has different levels of risk appetite for that risk. Each organisation has developed its own unique culture that needs to be preserved. So we believe this is one area of security management where “one size” definitely doesn’t fit all. Each program we develop is unique to that organisation and reflects their values.
Our experience tells us that the most effective insider threat programs put prevention at their core, and that means focusing on culture, employee assistance programs and support and collaboration with other departments.
We develop programs that are effective in preventing, detecting and responding to insider threat incidents.
Insider Threat Training
High Impact, interactive training to raise awareness of insider threat risks to your organisation. **Coming Soon **
Employees are often cited as being the biggest security weakness in your organisation, we help you turn them into your greatest defence.
Our Insider Threat Training Program has been developed from ground-breaking research into the psychology and motivations of insiders. We use real cases to illustrate the key principles.
Get in touch to discuss how we can help you achieve your security awareness or resilience goals.
Are all insider threats bad apples?
The “bad apples” argument for insider threats is simply too reductionist. Here is why: When an intentional insider threat manifests it is a product of […]
Defcon Talk: Using SE to create insider threats and win all the things
Lisa Forte’s Defcon 2021 talk on social engineering and insider threat. Transcript to follow.
Insider Theft of $119M worth of Coca Cola IP
What happened? An engineer who worked for Coca Cola and other manufacturers is alleged to have stolen valuable trade secrets in order to set up […]
Tesla Insider Threat Case (Khatilov)
Tesla Insider Threat Case Study According to the official Filing, Tesla is suing a former employee and software engineer named Alex Khatilov alleging trade secret […]
Insider Threat $800K Rogue Admin
Rogue Admin: Disgruntled former IT admin Charles E. Taylor quit his job at an unnamed Atlanta based distribution company before going on a sabotage spree costing the company $800,000 USD to redress.
Insider Threat Fraud: £4.6m in self-signed invoices
Of the three categories of insider threat; theft, fraud and sabotage, insider threat fraud is often the most complex, inventive and difficult to detect. This […]