June Chapter Meeting - Holistic Insider Risk Mitigation
Malicious insiders are an existential threat to organizations, undercutting their reputation and finances. Case studies show that specific anomalous behavior can indicate pending malicious activity by organizational insiders. While that activity can be the theft of data, funds, or intellectual property, it can also be destruction of property or even workplace violence.
Traditionally, organizations have addressed these destructive behaviors in a stove-piped fashion. Examples include the disparate (and primarily reactive) organizational responses to the global increase in information security breaches, workplace violence and active shooter situations.
A more effective and efficient way to counter insider risk is a holistic approach that applies countermeasures across the virtual, human and physical domains and leverages the Aristotelian theory of "the whole being greater than the sum of the parts".
Hallmarks of an effective holistic insider risk approach include:
- C-suite support for a comprehensive and inclusive insider risk program.
- A single point of program leadership and accountability.
- Employment of the 'attacker perspective' to identify organizational vulnerabilities.
- A senior cross-organizational panel for collaborative implementation of the program (COO, CFO, GC, HR, IT, SEC, etc.).
- Clearly identified expectations and accountability for employees.
- Staff awareness and accountability that enhances organizational risk detection measures.
- Human behavior that strengthens technical and physical security measures.
- Technical and physical security measures that reduce opportunities for human error or malice.
- Public data collection that enhances anomalous behavior early warning processes.
By leveraging collaboration, inclusion, awareness and accountability in a holistic manner, organizations stand the greatest chance of effectively and affordably reducing the likelihood and/or degree of physical, human, technical or reputational damage resulting from an insider incident.
Mr. LeTellier has 30 years of risk management experience in the public and private sector. He ran security operations as a State Department Diplomatic Security Special Agent and then intelligence and counterintelligence operations as a CIA operations officer and station chief. Twenty years recruiting foreign sources and penetrating intelligence targets gave him an intimate understanding of how insiders are created and defended against. Subsequently, he co-founded a cyber security firm that combined CIA human source and NSA technical expertise for holistic information security assessment, insider threat programs, and risk mitigation. He holds an MBA, MS, and CISSP. He is the founder of the North Langley Group, a senior consultant for TorchStone Global, a member of the INSA Insider Threat Subcommittee, and chair of the ASIS Defense & Intelligence Insider Threat Working Group.