Birds in air


Learn how to mitigate your cyber risk

Building an effective insider threat program

Organizations continue to face a variety of insider threats, as demonstrated by a string of high profile cases where employees in pursuit of validation or affirmation have used their knowledge and access to physical and/or information systems to cause significant damage. These cases highlight vulnerabilities and underscore a historical perception that insider threat mitigation is predominately a cyber-security challenge, and categorized as a strictly information technology responsibility. This approach will leave the organization vulnerable to existing and emerging insider threats. Deloitte takes a fundamentally different view that insider threats are more effectively addressed as part of a holistic and risk-based program.

Building an effective insider threat program

Mitigating insider threats requires a comprehensive, risk-focused program involving a wide range of stakeholders and operational areas. As the workplace becomes more complex and insider threats become more difficult to detect, the tools and detection techniques must become smarter and capable of adjusting to the evolving threat. Having too many security controls can impede the mission. Having too few increases vulnerabilities and leaves the organization exposed. Insider threat programs should strike the proper balance between countering the threat and accomplishing the organization’s mission. Quick responses, real-time data feeds, and analysis of behavioral indicators are imperative to stay in front of the insider’s exploitative tactics. The goal is to detect anomalies as early as possible and investigate leads in order to interrupt the forward motion of potential insider threats before assets, data, or personnel are compromised.

Publication: Insider threat first edition

Insider Threat: Prevention, Detection, Mitigation and Deterrence, authored by Mike Gelles, managing director with Deloitte Consulting LLP's Federal Government Practice, presents a set of solutions to address the increase in cases of insider threat. This includes espionage, embezzlement, sabotage, fraud, intellectual property theft, and research and development theft from current or former employees. This book outlines a step-by-step path for developing an insider threat program within any organization, and is an ideal research tool for executives and managers who want the latest information available on protecting their organization’s assets.

Building an insider threat mitigation program

Deloitte takes a fundamentally different view that insider threats are more effectively addressed as part of a holistic and risk-based program with broad participation required (e.g., legal, information assurance, human resources, physical security, information technology, etc.) and sponsorship by executive leadership. Deloitte has developed a top ten list for leaders to consider as they design, build, and implement a formal insider threat mitigation program. At a time when accountability is a primary leadership responsibility, an insider threat mitigation program can bolster deterrence and provide an early detection, prevention, and response mechanism assuring the business, protecting employees, and safeguarding critical data, systems, and facilities.

A secure, vigilant, and resilient program

Over the past three years, Deloitte has designed, built, and implemented insider threat programs across a myriad of industries in both the public and private sectors (e.g., Federal government, oil and gas, technology, financial services, insurance, law enforcement). Establishing a secure, vigilant, and resilient program requires a carefully guided implementation and the maturation of three core insider threat capabilities: Prevention, detection, and response. While it may not be realistic to interrupt every potential insider attack before damage is inflicted, it is possible and prudent to build an early detection capability into an organization’s operations to increase resiliency with the goal of limiting damage. The following twelve considerations represent lessons learned, specific insights, and leading practices from our extensive experience maturing insider threat programs.