Intelligent CISO Issue 16 - Page 65

same time. HR teams need to be aware of staff well-being and potential red flags, such as low morale or if an employee is undergoing a formal grievance procedure or official reprimand and inform the ITP team as a matter of process. home to various active communities aimed at recruiting company insiders to provide access to networks or extract data. After all, it is easier to recruit someone who is already on the inside than place a ‘plant’ from the outside. Operating via forums or through chat services apps, cybercriminals offer very attractive rates of pay to willing insiders at high value targets such as banks, technology companies and retailers. Companies operating in territories where legitimate pay rates are low are particularly susceptible. Employees who find themselves under financial pressure may be tempted to sell their services to a high bidder. Alternatively, employees who become dissatisfied with the company may aim to ‘punish’ it and make money at the www.intelligentciso.com | Issue 16 Having identified employees with grievances or known financial pressures, avoid becoming an unwitting threat as they exit the company. HR teams should also supply security teams with details of all departing employees so that network access can be revoked immediately when they leave their post. An analysis of the employee’s network activity prior to departure should be done to identify any incidents of breach. HR can work with IT teams using tools such as user behaviour analytics to track their access to systems and data that wouldn’t usually be part of their remit. We know that the human factor is one of the biggest unavoidable weaknesses in corporate security strategy and the most difficult to manage. Additionally, business risk intelligence gives insight into the organisation’s profile on the DDW and other illicit online communities to indicate the threat level facing the business. If threat actors are actively seeking insiders at your organisation, you know that your employees are being targeted and can mitigate risk accordingly. That is why HR teams need to work alongside insider threat programme teams to gain a full overview of employee risk and deploy employee verification procedures, robust policies and intelligence to mitigate insider threat and avoid inviting risk into the organisation. u 3. At termination: Secure off-boarding An obvious high-risk moment is when an employee leaves an organisation. Even if they exit on good terms, research shows that workers often have a proprietary attitude towards data that they have worked on during their employment. HR should firmly remind departing employees of data security policies to Security breaches, whether deliberate or unintentional, almost always involve a human element. 65