home to various active communities aimed at recruiting company insiders to provide access to networks or extract data. After all, it is easier to recruit someone who is already on the inside than to place a ‘plant’ from the outside.

Operating via forums or through chat service apps, cybercriminals offer very attractive rates of pay to willing insiders at high value targets such as banks, technology companies and retailers. Companies operating in territories where legitimate pay rates are low are particularly susceptible. Employees who find themselves under financial pressure may be tempted to sell their services to a high bidder.

Alternatively, employees who become dissatisfied with the company may aim to ‘punish’ it and make money at the same time. HR teams need to be aware of staff well-being and potential red flags, such as low morale or if an employee is undergoing a formal grievance procedure or official reprimand, and inform the ITP team as a matter of process.

Having identified employees with grievances or known financial pressures, HR can work with IT teams using tools such as user behaviour analytics to track their access to systems and data that wouldn’t usually be part of their remit.

Additionally, business risk intelligence gives insight into the organisation’s profile on the DDW and other illicit online communities to indicate the threat level facing the business. If threat actors are actively seeking insiders at your organisation, you know that your employees are being targeted and can mitigate risk accordingly.

3. At termination: Secure off-boarding

An obvious high-risk moment is when an employee leaves an organisation. Even if they exit on good terms, research shows that workers often have a proprietary attitude towards data that they have worked on during their employment. HR should firmly remind departing employees of data security policies so that they avoid becoming an unwitting threat as they exit the company. HR teams should also supply security teams with details of all departing employees so that network access can be revoked immediately when they leave their post. An analysis of the employee’s network activity prior to departure should be done to identify any incidents of breach.

We know that the human factor is one of the biggest unavoidable weaknesses in corporate security strategy and the most difficult to manage. That is why HR teams need to work alongside insider threat programme teams to gain a full overview of employee risk and deploy employee verification procedures, robust policies and intelligence to mitigate insider threat and avoid inviting risk into the organisation.

Security breaches, whether deliberate or unintentional, almost always involve a human element.

www.intelligentciso.com | Issue 16