The Ultimate Dilemma: The Insider Threat

There is no question that the likelihood of espionage, embezzlement, sabotage, fraud, and intellectual property theft (which can include everything from trade secrets and R&D to drawings and training manuals, stolen by current or former employees) is a fundamental challenge to most security executives.

According to one data breach group, 80% of breaches had a root cause in employee negligence. Every year we hear that employee mistakes that lead to data theft will be a top threat to organizations. And at previous conversation forums we have heard that intellectual property theft is a national security risk.

One of the conversations we will have this year will be with Dr. Michael Gelles. Dr. Gelles is a director with Deloitte Consulting LLP's Federal practice, consulting in the areas of law enforcement, intelligence, and security. He is a thought leader and widely published author on critical national security issues, including insider threat, security processing, secure workforce, asset loss, exploitation, sabotage, and workplace violence. Previously, he served as a naval officer and the chief psychologist for the Naval Criminal Investigative Service.

Dr. Gelles recently published a book entitled Insider Threat: Detection, Mitigation, Deterrence and Prevention. In this book, he presents a set of solutions to address the increase in cases of insider threat. It outlines a step-by-step path for developing an insider threat program within any organization, focusing on management and employee engagement, as well as ethical, legal, and privacy concerns. In addition, it includes tactics on how to collect, correlate, and visualize potential risk indicators into a seamless system for protecting an organization’s critical assets from malicious, complacent, and ignorant insiders. Insider Threat presents robust mitigation strategies that will interrupt the forward motion of a potential insider who intends to do harm to a company or its employees, as well as an understanding of supply chain risk and cyber security, as they relate to insider threat.

We caught up with Dr. Gelles and the conversation spanned a number of topics. Given that Dr. Gelles has experienced The Great Conversation, one of the first questions we asked was why he participates.

“The Great Conversation provides the most collaborative setting for the exchange of ideas that help reshape and augment current thinking in the field,” said Dr. Gelles. “The professional exchange is better than any conference I have attended.”

Since The Great Conversation aggregates conversations with key leaders in the industry to help guide the forum, we asked Dr. Gelles to reflect on what he has learned this year.

“The continued integration of the physical and the logical is shaping the context in which security operates as well as how it is organized,” said Dr. Gelles. “Security transformation to meet the evolving threat should be on everyone’s top ten list, which should include an internal risk or insider threat program.”

According to Dr. Gelles, to address this challenge a new leadership model must emerge. What will emerge? “Leaders who lead security programs will increasingly need different competencies that include a set of multidisciplinary skill sets that helps mitigate the risk from both the physical and logical threat matrices,” said Dr. Gelles.

He also believes the organization’s culture plays a key role. “Culture is a critical component to any risk program,” said Dr. Gelles. “Culture risk is a phenomenon that can compromise brand and reputation as well as the protection of critical assets. A culture risk mitigation program enables an organization to ensure that what they may espouse in behavior, activities, and values is more than just a collective head nod, but translates into key behaviors and employee conduct that is measured; and gaps between what people say versus what they do are mitigated through specific risk mitigation strategies that address culture and behavioral misalignment. It helps to discern not just what we believe and say but what we actually do in protecting assets.”

Since many insider threats include cyber, we asked him to reflect on what he believes are the next steps for the industry ecosystem. “Cyber threats continue to be the common attack mode against business today,” said Dr. Gelles. “It is critical that the external cyber threat is integrated into a proactive and holistic view of threats to develop a security strategy against. Most importantly, move from a reactive to a proactive approach to identifying threats early and mitigating the threat whether that is an external or internal threat.”

At The Great Conversation, Dr. Gelles will be addressing internal threats and risks and advocating: “An integrated solution to mitigate risk by people who conduct business in the virtual and physical world. Prioritizing what is critical to protect and align to a prevent, detect, and respond framework, must be a part of any security strategy.”