Insider Risk Management and IP Security: If It Were Easy, Everyone Would Be Doing It (Well)

Originally published by Code42.

Written by Eric Ewald, Insider Risk Lead, Cyber Technology Solutions Group, Booz Allen Hamilton.

Current challenges & risks

At this point, we can all admit that Insider Risk Management and IP security programs are difficult for many organizations to operationalize. Our programs must ensure that monitoring procedures don’t infringe on the privacy rights of our employees and business partners. Further, we must also drive collaboration within the proverbial “business” to ensure protections for critical IP and trade secrets focus on what really matters. Our solutions must also simultaneously ensure that the controls we implement maximize user experience and minimize unnecessary “security friction”. Lastly, we have to add responsibility for program governance and oversight to this long list of initiatives.

If we don’t cover all of our bases before we start to operate, our programs can erode organizational trust to the point where any and all support is lost and our program ceases to operate (yikes!). That’s quite a tough pill to swallow for many companies who struggle to secure funding for cybersecurity people resources and technologies, especially considering the cyber risk and threat landscape that teams are up against in 2023:

• Emerging regulations in high-risk geographies that allow states to compel citizens to commit espionage while promoting attractive international trade terms to coopt foreign investment

• Threats of AI-enabled social engineering amidst a hostile geopolitical climate while the working world is still struggling with post-COVID operational confusion

• Maintaining 24×7 remote, wait: we’re hybrid, nope: now BACK-to-the-office – operations is pushing employees beyond burnout, to the point where they are so disengaged that they take whatever risky path of least resistance they can to get their jobs done

In the face of such harsh realities, it’s unsurprising that 76% of CISOs expect data loss from insider events to increase in the next 12 months at their organization. With this point in mind, it’s critical that we work together to define a rubric for Insider Risk and IP security program development that positions everyone for success. We need to focus on answering the age-old question: “What does [a] good [program] look like?”

The best approach

The answer to that question lies in the relationship between Governance, Protection, Detection, Response, and Recovery + continuous Improvement, our tenets of holistic Insider Risk Management and IP security:

The graphic above depicts the type of quantitative risk reduction over time that we are all trying to achieve and demonstrate to our leadership teams. But how exactly do we reduce risk? From the perspective of Insider Risk Management and IP security programs, we reduce risk by injecting valuable business context into all facets of our work. When we work with client organizations, we commonly see Insider Risk and IP security programs that start down a purely technical path, putting Detection and Response as Priority #1, often overlooking Governance entirely. When this is the case, we instruct clients to look left and focus on engaging with stakeholders to educate them on precisely what it means to have an Insider Risk or IP security program. Work with your stakeholders early and often to identify their needs and concerns.

When we work closely with our lines of business and functional teams, we inject valuable and relevant context into our programs that help them maintain relevance. The graphic above demonstrates that as we work with the business and inject valuable context into our program, the fidelity of that work will also increase. The cumulative impact of increasing context and fidelity reduces the inherent level of effort required to do the work at hand. When we keep program resourcing at the forefront, the reduction in effort helps us get through more and more work incrementally (e.g., more alerts, incidents, issues, initiatives, etc.), which will help us reduce organizational risk over time.

About the Author

Eric Ewald is the Insider Risk Lead, Cyber Technology Solutions Group, at Booz Allen Hamilton.