In our work we have identified three key non-technical factors in developing and sustaining a proactive ability to detect, mitigate, respond and recover from insider risk incidents. These have emerged through working with organisations dealing with complex threats, diverse cultures and many different and often failed attempts to address problems though technical means.
Many business leaders have become frustrated by the confusing array of technical solutions to insider threats that require huge investment in analysis and changes to an organisation's IT infrastructure. Each solution often addresses only a single weakness or threat vector and can even compound the problem. In addition, closing off the simpler routes to attack can leave an organisation open to more serious threats. We conducted analysis of over 100 case studies of insider risk incidents from across various domains from IT security, civil aviation, defence, financial services and different types of insider risk from accidental disclosures, intentional high profile release of confidential information, to fatal violent actions. From this we identified three common underlying factors that could have avoided or mitigated the risk.
Many business leaders have become frustrated by the confusing array of technical solutions to insider threats that require huge investment in analysis and changes to an organisation's IT infrastructure. Each solution often addresses only a single weakness or threat vector and can even compound the problem. In addition, closing off the simpler routes to attack can leave an organisation open to more serious threats. We conducted analysis of over 100 case studies of insider risk incidents from across various domains from IT security, civil aviation, defence, financial services and different types of insider risk from accidental disclosures, intentional high profile release of confidential information, to fatal violent actions. From this we identified three common underlying factors that could have avoided or mitigated the risk.
- Healthy Organisational Sensemaking: How well do different parts of the organisation deal with ambiguity and are they able to identify and respond to unusual situations with clarity and awareness?
- Mindful Management: Is there training for senior management to maintain clarity and cohesion when faced with complex challenges? How well can they appreciate the problems and generate successful, appropriate solutions/interventions?
- Applied Behavioural Intelligence: Does the organisation have the ability to apply structured methods for exploiting behavioural intelligence and the ability to interpret and support sensemaking at key points on the critical path to insider risk; including recruitment, review and post incident investigation?
"Behavioural Intelligence requires subject matter expertise in human behaviour, knowledge of the intelligence cycle for planning and execution, critical thinking, and effective and appropriate decision making to augment the execution of insider threat identification and mitigation", Andy Swarbrick, Director, J2S Insider Risk.
J2S Insider Risk therefore brings together professionals from security, intelligence and law enforcement who bring new and innovative ways to counter the insider threat using behavioural intelligence, narrative analysis, social network analysis, organisational communication theory, linguistic analysis, organisational risk management practices encased in cutting edge technology.
Behavioural Intelligence underpins the critical pathway to insider risk. They focus tactical/technical, operational, and strategic collection and analysis of behavioural intelligence information to provide a holistic approach to identifying and managing at-risk employees. This is executed using a multilateral approach and combines the J2S Behavioural Assessment Framework with Sensemaking as used by Tony Quinlan CEO of Narrate, Digital Communication and Applied Linguistics methods developed by Nicola Mee, Head of Insider Risk and Andy Swarbrick, Director of J2S Insider Risk as well as drawing on the Critical Path to Insider Risk developed by Dr Eric Shaw, CEO of Insider Risk Group.
Contact us to find out how you can make sense of, plan and direct your organisation's operations towards reducing the insider threat.
Behavioural Intelligence underpins the critical pathway to insider risk. They focus tactical/technical, operational, and strategic collection and analysis of behavioural intelligence information to provide a holistic approach to identifying and managing at-risk employees. This is executed using a multilateral approach and combines the J2S Behavioural Assessment Framework with Sensemaking as used by Tony Quinlan CEO of Narrate, Digital Communication and Applied Linguistics methods developed by Nicola Mee, Head of Insider Risk and Andy Swarbrick, Director of J2S Insider Risk as well as drawing on the Critical Path to Insider Risk developed by Dr Eric Shaw, CEO of Insider Risk Group.
Contact us to find out how you can make sense of, plan and direct your organisation's operations towards reducing the insider threat.