Insider Threat Program Development and Training

Build an effective, supportive and employee led Insider Threat program

Contact us

Insider threat programs work best when they are driven by employees and focus on fostering a supportive but secure culture.

Looking to develop a robust and supportive Insider threat program?

Intentional insider threats can be one of the worst security incidents you can face. They can be hugely embarrassing not to mention damaging owing to the legitimate access an insider possesses.

The need for insider threat programs is being recognised by organisations around the world. They can be difficult to develop and even harder to sell into the organisation. In our experience of developing these programs and training employees the programs that are the most successful are those that have employee assistance programs and support at their heart. Like everything in security a layered approach to insider threat programs is important but so is collaboration with other departments, creating a culture of support and trust and crucially getting employees to not just buy into the program but also drive ideas for development. Insider threat management has to be a team effort.

Insider Threat Workshops

Interactive workshops which use case studies to inform employees and generate actionable ideas on insider threat prevention.

We have developed an effective methodology for developing insider threat maturity for organisations and that has to start with the employees.

Our workshops teach key employees about the 3 types of insider threat attack observed: fraud, theft and sabotage. We work through case studies specific to your industry and attendees work in teams to examine the cases, decide what happened, how it happened and most crucially what could be done to prevent this in the future. We collect the ideas and produce a consumable report at the end that lays out the ideas, concerns and strategies that your employees came up with. These ideas can help drive your program development and give employees a deep understanding of the complexities and sensitivities that exist with insider threat management.

  • Workshops usually last between 90 mins and 2 hours.
  • Fun and interactive focusing on teamwork
  • Report on ideas, strategies and concerns from the employee perspective on the program development
  • Employee involvement increases buy in and compliance when the program is launched

 

Insider Threat Maturity Assessment

Assess your organisation’s insider threat defences against established benchmarks.

Our Insider Threat Maturity Assessment looks at organisation’s ability to prevent, detect and respond to an insider threat incident or attempt.

We use our insider threat maturity framework developed from guidance issued by NIST, US-CERT, UK NCSC and CPNI, INCIBE and other State level organisations to evaluate your current level of maturity against the three types of insider attack. We produce a full report of the assessment along with recommendations for improvement and a more consumable executive summary.

This can be a great starting point for organisations currently at the start of their insider threat program journey but is also useful for those who have a more mature program they are looking to improve.

Insider Threat Program Development

Build an insider threat program that focuses on culture, support and collaboration.

We work collaboratively in partnership with your organisation to build, test and communicate an insider threat program. Every organisation and industry is different and faces different levels of insider risk and has different levels of risk appetite for that risk. Each organisation has developed its own unique culture that needs to be preserved. So we believe this is one area of security management where “one size” definitely doesn’t fit all. Each program we develop is unique to that organisation and reflects their values.

Our experience tells us that the most effective insider threat programs put prevention at their core, and that means focusing on culture, employee assistance programs and support and collaboration with other departments.

We develop programs that are effective in preventing, detecting and responding to insider threat incidents.

Insider Threat Training

High Impact, interactive training to raise awareness of insider threat risks to your organisation. **Coming Soon **

Employees are often cited as being the biggest security weakness in your organisation, we help you turn them into your greatest defence.
Our Insider Threat Training Program has been developed from ground-breaking research into the psychology and motivations of insiders. We use real cases to illustrate the key principles.

 

Get in touch to discuss how we can help you achieve your security awareness or resilience goals.

By submitting your message and your phone number and/or email address, you are permitting us to contact you by these means in response to your enquiry or feedback. You also acknowledge that you have read our privacy terms and that you consent to our processing data in accordance with them. Read our privacy policy here.

    Related Content

    Are all insider threats bad apples?

    The “bad apples” argument for insider threats is simply too reductionist. Here is why: When an intentional insider threat manifests it is a product of […]

    Read more

    Defcon Talk: Using SE to create insider threats and win all the things

      Lisa Forte’s Defcon 2021 talk on social engineering and insider threat. Transcript to follow.

    Read more

    Insider Theft of $119M worth of Coca Cola IP

    What happened? An engineer who worked for Coca Cola and other manufacturers is alleged to have stolen valuable trade secrets in order to set up […]

    Read more

    Tesla Insider Threat Case (Khatilov)

    Tesla Insider Threat Case Study According to the official Filing, Tesla is suing a former employee and software engineer named Alex Khatilov alleging trade secret […]

    Read more

    Insider Threat $800K Rogue Admin

    Rogue Admin: Disgruntled former IT admin Charles E. Taylor quit his job at an unnamed Atlanta based distribution company before going on a sabotage spree costing the company $800,000 USD to redress.

    Read more

    Insider Threat Fraud: £4.6m in self-signed invoices

    Of the three categories of insider threat; theft, fraud and sabotage, insider threat fraud is often the most complex,  inventive and difficult to detect. This […]

    Read more
    Menu