"Technology
is not going to save us. Our computers, our tools, our machines are
not enough. We have to rely on our intuition, our true being."
--Joseph Campbell
On a crisp Fall morning, one week after the U.S. National Election we were lining up outside the Harry S. Truman Building outside the United States Department of State. The Bureau of Diplomatic Security - Overseas Security Advisory Council was hosting it's 31st Annual Briefing.
This years briefing was focused on "Security in a World Without Borders" and as we passed through our ID check and screening, the anticipation was high. It's private sector constituents from the Fortune Global 500 to the small U.S.-based professional services firm had one key similarity.
Leaders in attendance recognize that their business is integrated forever with a exponentially expanding system of interconnected machines. CxO's across the globe are competing for business in the era of "The Fourth Industrial Revolution" where the vulnerabilities extend beyond the Critical Assets of the enterprise.
This years keynote address was by Richard Davis, CEO of U.S. Bancorp. His talk was heartfelt by many as he recounted his rise from the days at the branch level securing the vault. Now he emphasized most of his effort was focused on Operational Risk Management (ORM). Data, Identities and Distributed Denial of Service (DDoS) were on his mind everyday now.
Beyond the threats of a Post-ISIL Levant and operating in a world of Transnational Organized Crime, the room was almost full on Day 2 for this 10:45AM panel discussion: "Developing an Insider Threat Program" and was moderated by Elena Kim-Mitchell, ODNI.
The OSAC participants on the panel were:
- Roccie S., Capital One | Financial
- Stanley B., Rolls-Royce North America | Defense Industrial Base
- Joseph L., Southern Company | Energy
The "Human Factor". The point that they all wanted to insure the audience understood clearly, is that all of the analytics software, data loss prevention (DLP) tools and sophisticated technology was not going to stop a determined and motivated adversary.
So what?
Your intuitive abilities as a human shall not be ignored or discounted. How many times have you said to yourself, "I knew something wasn't right with that person". In fact, many times we are alerted to the anomalous behavior of a co-worker because we have the human-factors of intuition that is working 24x7 in our brains.
Gavin de Becker has said it best in his book "The Gift of Fear," yet we must not forget that behavior is something that can be applied to everyone:
- We seek connection with others.
- We are saddened by loss and try to avoid it.
- We dislike rejection.
- We like recognition and attention.
- We will do more to avoid pain then we will do to seek pleasure.
- We dislike ridicule and embarrassment.
- We care what others think of us.
- We seek a degree of control over our lives.
How often have we all said, the signs were there. How many times are the clear and present indicators in the workplace being ignored? A organizations "Duty of Care" is continuously at stake. Human Factors alone, just as software systems alerts alone will continuously expose the enterprise to significant loss events. Here is just one example from the Washington Post:
The Pentagon’s Defense Security Service announced this year that contractors will be required to implement programs that are designed “to detect, deter and mitigate insider threats.” Contractors will be required to designate a senior insider threat official to oversee the program and provide training on how best to implement it.
While many details of the Martin case are not yet known, it is clear that it is not good for Booz Allen to have a second employee charged with stealing secrets from one of its most important customers, officials said.
What is the solution?
Government contractors, private sector businesses and their small and medium enterprises that are within the supply chain ecosystem for products and services, are continuously challenged. They are under the growing umbrella of a myriad of federal acquisition guidelines.
In addition, various export, civil liberties and privacy laws focused on preserving the integrity and trust of the United States in an international marketplace, are compliance mandates for your global commerce.
New solutions are required as a result of the increasing spectrum of threats from individuals in the workplace, to the cyber nexus infiltrating your trade secrets and theft of intellectual property.
The TrustDecisions “Insider Threat Program” (InTP) has been designed from the ground up with organizations operating in highly regulated “Critical Infrastructure” sectors, including Financial, Energy and the Defense Industrial Base (DIB).
Many companies have already started the establishment of an “Insider Threat Program” (InTP). Utilizing Subject Matter Experts from TrustDecisions will provide your organization with the confidence and continuous assurance that you stay on course.
“Achieving Trust” with employees, clients and suppliers is paramount in our digital 24x7x365 economy. Designing and adapting the InTP to your unique culture and the changing threat landscape is a vital strategy.
