Deterring Insider Threats Takes More Than Technology. It Demands Proper Processes and Culture.


There are many sophisticated technology packages and solutions available to help bolster insider threat programs. Still, without the proper training, processes, and a culture of trust built into the system, technology alone won’t stop the threats.

At the recent Global Security Exchange GSX 2023, a pivotal session titled “Subduing Insider Threats: Transferring Knowledge to CISOs Using Past Successes and Lessons Learned” occurred. The session, led by John Petrozzelli, Director of the MassCyberCenter, broke down the challenges posed by insidious employees with legitimate access. Highlighting that such insiders could be driven by various motivations, from personal gain to allegiance to another country, Petrozzelli emphasized the importance of robust insider threat programs. The session also underscored the value of an acceptable use policy as a potent tool to deter and disrupt such insider threats. With a focus on compliance, operations, and hiring strategies, this session offered invaluable insights into safeguarding organizations from internal vulnerabilities.

Petrozzelli expanded on the lessons, learning, and insights he brought during his session.

John’s Thoughts

“It’s really a combination of approaches. People, processes, and technology gotta have the people educated and trained; you gotta have the processes in place in policy, like acceptable use policies or mobile device policies. And then you have to have the technology monitor.

We’re a quasi-public organization, a dot org versus dot gov. What we do is work on cybersecurity resiliency for the ecosystem in Massachusetts, with a priority on workforce development, specifically resilience on municipalities as well.

What I wanted people to do was to come into the class and learn from some of my successes and mistakes in the past. So, I talked in-depth about some situations where I’ve dealt with insider threats. The key takeaways would be that they should have some idea of what they would want to do in their receptible use policy so they could deter insider threats and that they should always maintain a relationship with people when they don’t need anything with them to set, basically, with trust with people who are going to be people that they’d work with so that they can establish that trust before they need to work with them to mitigate inside reps.

Building Trust in a Hybrid Work Environment

There are two things I’d say; one is this hybrid or commuting environment post-COVID is probably here to stay. How does that change the conflict? Part of my issue was explaining to people that the issues are much more difficult now because you can’t establish trust as easily when you’re not in person.

Right? So you can’t go in and say hi to someone in the office without needing anything. For them because now you’ve gotta do it via Zoom or Teams. So what I had recommended to them was get on a call early.

So, when you have a two o’clock meeting, get on at one fifty-five. Then, use that five minutes to BS with people to establish trust and rapport. So that’s one way that, you know, the evolving cyber security, hybrid, or just even remote work experience changes the insider threat program to make it more difficult. The other side of it is, you know, the negligence of people contributing to insider threats has grown as well.

And that’s become more of a user negligence where they’re not trying to hurt the company, but they’re doing so with their inactivity or their lack of negligence, essentially their lack of awareness to what they’re doing. That’s a security threat.

Addressing the Human Element in Insider Threats

Part one of that is a human issue. It’s a huge human element. From that human side of things, you’ve gotta deal with that’s why I talked about in my class, like identifying partners that you wanna work with stakeholders that you have the shared mission with, like HR, like, like security, like, compliance and legal, and then working with them. And then, on the technical side, you know, use the resources available to you.

And that could be a software component. There’s some really good insider threat software tools out there that will allow you to do some of the work; it goes back to the human side because through human interaction and teaching your employees about reporting something that they see as suspicious, that’s really how gonna identify insiders. You might get lucky and catch them in log activity or exfiltrations with some log activity, but really trying to get humans to identify and then, or report them to somebody, even if it’s just one incident, is really how we’re gonna help to stem the tide of that.

Utilizing Advanced Tools While Maintaining Company Culture

I had mentioned using all the resources available to you, and that’s really like the tools. Some really good insider threat tools out there can do screen capturing, live recording, and monitoring. It goes to your initial part of this with respect to company culture. People might not wanna work for a company that has those things running.

The other thing is unless a company has the prospect of them serving employees in some kind of acceptable use policy or something, it might not work legally for them to be able to do that. It’s really a combination of approaches—people, processes, and technology. You have to have the people educated and trained.

You gotta have the processes in place, like acceptable use policies or mobile device policies, and then you have to have the technology to monitor it.”

Article by James Kent

Follow us on social media for the latest updates in B2B!



AI in content marketing
Generative AI in Content Marketing: Why Creativity & Authenticity Will Make it Work
July 11, 2024

Will 2024 be known as the year AI made waves in content marketing? It sure seems so, with recent AI-driven ads from Toys R Us and Under Armour generating significant buzz online. Not just this: Despite having no official ties to the brand, a mock Volvo ad created entirely by AI has also gone…

Read More
Hiring Made Human: Hiring When You’re a Start-Up
July 11, 2024

The challenges of hiring for a startup have become more pronounced these days than ever. With technological advancements and evolving market demands, startups must be agile and strategic in their hiring practices to ensure success. According to some studies, nearly 90 percent of startups fail, with a significant factor being the inability to attract…

Read More
Focus on the Customer
Fifth Inning – Focus on the Customer
July 11, 2024

In a compelling narrative by Jesse Cole, the Savannah Bananas, a baseball team known for its unconventional approach, has declared advertising dead. Cole emphatically asserts that while advertising may attract customers, it is the fan experience that fosters lasting loyalty. In a bold move, the Savannah Bananas have eliminated all forms of advertising at…

Read More
Dr. Mark Manera talks Trucking Industry
The Trucking Industry Needs a Fitness Overhaul to Jumpstart a Trucking Health Revolution
July 11, 2024

With the trucking industry seeing many changes that prioritize efficiency and productivity, the health of truck drivers has increasingly peaked as a critical concern. With life expectancies for truck drivers averaging 16 years less than the general population, there is an urgent need to address health issues within the industry. Recent initiatives, like the…

Read More