Every month ThreatSwitch hosts a webinar on a topic of interest to the security and compliance community. Thousands of security leaders and practitioners have attended these webinars, but not everyone has an hour to spare. That's why we'll be sharing our CEO's lessons-learned each month right here on the ThreatSwitch blog.
If you want to learn about counterintelligence for industry, you'd be hard pressed to find a better webinar guest than Doug Thomas. Doug is the Director of Counterintelligence and Corporate Investigations for Lockheed Martin. His wide-ranging career makes him one of the most influential counterintelligence and insider threat practitioners in the country. Below are the 3 lessons I learned from my conversation with Doug.
1. Insider threat organization and governance is critical
You might have heard of Lockheed Martin; they are a pretty big company. You would expect their insider threat organization to be robust and well-organized, and it is. However, Doug drove the point home that middle-market companies' insider threat programs can and must also be connected to leadership, with clear functional accountability and communication, in order to work. That means:
- Centralized commitment and leadership with decentralized execution
- Structure that drives coordination across cyber, security, human resources, ethics, legal, and communications
- Oversight that connects to the corporate board, internal audit, risk & compliance, and regulatory requirements
Our adversaries know this, which makes it even more important that mid-sized companies organize and operate their insider threat program effectively.
2. Insider threat is broader and deeper than you think it is
When many of us think about insider threat, we think about NISPOM change 2. Or maybe we think about behavioral analysis on our corporate network. Or maybe we think about foreign travel and contacts. These -- and many other angles -- are all correct but individually insufficient. Insider threat isn't just an IT problem or a security problem -- it's an interdisciplinary focus that demands communication and coordination from everyone. That includes:
- Planning - building buy-in from leadership, benchmarking peer companies, and understanding the many stakeholders in an insider threat program
- Development - selecting the right tools, understanding risk indicators, identifying assets (physical and conceptual), and identifying the many data sets where that information is stored
- Implementation - ingesting that data into tools, messaging to employees, and managing incidents
- Governance - coordinating departments, conducting oversight, measuring progress, and red teaming the program
3. Communication and trust drive participation
Throughout Doug's talk, he came back to a critical, often-missed perspective: without transparency and trust, insider threat programs won't work. Employees who don't trust the program won't participate. Departments that aren't bought in will ignore it. Insider threat is about people. Introducing your program to employees properly, and being fully transparent about how you are conducting it ethically, is of utmost importance.
If you missed Doug's webinar, you can always head to our resources page to view the recording, along with many other great speakers and tools to help you succeed.
ThreatSwitch puts employees at the center of your security and insider threat program.
Schedule a demo to find out just how different we are.