Private Air New York Magazine
Issue link: https://privateair.uberflip.com/i/767256
www.privateairny.com Private Air New York | Winter 2016 56 SECURITY and "red flags" that over the years have helped mold their own instincts. Quite frankly, they'll see things that you won't see, and sometimes don't even want to see. Finally, they allow you a valuable degree of separation from actions that some may view as counter to morale and privacy. When contemplating an insider threat program, the following aspects are worth considering: • Intentional and unintentional actions. While over one-half of cyber breaches are from insiders, this includes both those intending to harm and those who inadvertently facilitate a breach after being manipulated through social engineering. While you're statistically more likely to be breached through the unwitting action of a network user, your greatest damage exposure is from a witting insider working either alone or with a criminal or activist group. • Holistic assessment. While there are many so-called technical "solutions" on the market, the insider threat problem requires more than technical expertise. Human, technical and physical threat profiles must all be examined and assessed to identify the points that you, you network, and those close to you are susceptible to social engineering and technical attack. Simple penetration tests or checklists will not suffice and a system- agnostic approach must be followed. • Practical and sustainable solutions. e only valuable recommendations are those that are practical, meaning they fit within the technical capabilities, comfort zone and budget of the recipient. Solutions should be tailored to your unique vulnerabilities, business practices and organizational culture, and be offered in programmatic ways that provide enduring risk mitigation. Beyond hardening your network, solutions should include active monitoring and decision-making processes, and harden your personnel through onboarding and off boarding procedures, new hire cyber security awareness, red flags courses for managers, and cyber security policies, procedures and governance. • Incident response plan. Once an incident occurs, you need to know how to respond. An incident response plan helps you recognize the impact of an insider attack, to take responsibility for that risk, and to reduce damage and ensure business continuity. e plan should be tested through structured walk-through, tabletop, and live exercises. As a final thought, it can be a very challenging, long and costly process to prosecute insider acts. Deterrence in the form of an insider threat program that closes the gaps made by human vulnerability, institutes employee accountability and creates a positive security climate is a cost-effective prevention measure that will not only lower risk from insider attacks, but will reduce the damage should one occur. Author: Val LeTellier is a senior consultant with TorchStone Global, LLC. He has 28 years of risk management in the public and private sector. Prior to providing cyber security consulting, he ran offensive and defensive intelligence, counterintelligence and security operations as a CIA operations officer and station chief, and prior to that as a State Department Diplomatic Security special agent. Twenty years of recruiting foreign sources and penetrating foreign entities gave him an intimate understanding of how nation-states, organized criminals and hacktivists create insider threats. He holds an MBA, MS, and CISSP. "Over one-half of cyber breaches are from insiders, this includes both those intending to harm and those who inadvertently facilitate a breach after being manipulated through social engineering."