The challenge

Many organizations think of cybersecurity threats as originating on the outside. Yet, some of the most potentially damaging threats come from trusted insiders, whether intentionally (e.g., hacktivists or disgruntled employees) or unintentionally (e.g., victims of phishing or clicking on web popups introducing malware such as botnets and ransomware). Employees, contractors or partners have authorized access to many corporate (or government) crown jewels, and what is worse, they know what and where those jewels are.

A proactive solution

An active insider threat risk management program should be an integral part of security for every organization, and may be required for organizations working with the U.S. federal government. CGI helps clients prevent, detect and respond to both intentional and unintentional threats from within their organizations with a proactive approach emphasizing cultural change and collaboration.

Cultural change and collaboration

We focus on cultural and behavioral change so executives and employees alike start to view activities with an insider threat “lens.” Consider this scenario: An employee requests permission to take a part time job in a completely different industry. At first blush, there may seem to be no issue.

Evaluating this matter through an insider threat lens, however, could suggest a need to investigate whether the employee is taking the job due to serious financial troubles and thus is vulnerable to compromising his or her access to information for financial gain. Tools and technologies are only one part of our comprehensive program. Insider threats are human in nature, and require human intervention. There must be collaboration and information sharing across traditionally “siloed” functions of human resources (HR), information technology, cybersecurity, industrial security, legal and communications. Involving these departments in all stages of the program helps organizations understand and prepare for the human element. Key success factors include executive sponsorship for program monitoring, detailed compliance processes and plans, and training workforces to recognize behaviors that are red flags for insider threats, and educating them on enterprise policies.

Data correlation and analytics

Another key enabler to a more proactive posture is the use of data correlation and analytics to uncover potential risks and threats. Predictive analytics can take streams of data from network monitors, physical security devices and HR actions and use them to identify employees who are at highest risk for insider threat activities. For example, a combination of data about an employee’s late office hours, Internet usage, and HR data (performance improvement plan) could trigger an alert.

CGI offers a full spectrum of insider threat program services to assist clients in improving their program maturity. We can step in at any phase to help an organization implement an end-to-end program, starting with an assessment and roadmap, and providing program design, engineering, implementation and management, as needed.