By Doug Thomas, Lockheed Martin Corporation, a 2014 CSO40 award recipient
With the increased emphasis on the need to mitigate the risk of the insider threat, I’m often asked, how? Measures to safeguard company or government information from an outsider may not be infallible, but at least they are aimed at a very specific and easily identifiable subset of the population: any unauthorized individual. So what do you do? You put security guards outside the building, install ID card readers at every entrance, and employ state of the art defense measures on your networks.
What happens when that person is authorized? Every day the insider walks right past the security guards, scans his ID card at the door, and logs into the company network. For this reason, safeguarding against the threat of an insider is much more complex.
Many people assume that network monitoring is the definitive answer to detecting insider activity. It is true that in today’s digital age the actions of an insider most often involve the use of an IT asset, but companies are not always equipped with the resources for the level of monitoring required to detect malicious activity across an entire network. While IT monitoring is an invaluable tool and those partnerships are absolutely critical, in my opinion it’s not the sole solution.
The insider threat is a human issue and, therefore, mitigation strategies must involve more than strokes on a keyboard.
If you look at previous instances of theft of trade secrets or espionage, you’ll notice that in the vast majority of cases there were warning signs before the fact. A comprehensive insider threat program must combine cyber capabilities with a training & awareness component to educate the employee workforce on recognizing some of the behavioral indicators of insider threat activity.
Too often in the aftermath of an espionage case or workplace violence event, coworkers will reflect on warning signs observed, but they didn’t recognize them as such or didn’t feel comfortable getting involved. At the CSO40 Confab + Awards, Lockheed Martin Vice President and Chief Security Officer, Bob Trono, spoke about the need to cultivate a new culture in the workplace, a culture where employees are aware of the warning signs associated with not only espionage activity, but also plans of workplace violence or suicidal ideations in a coworker, and when observed, will engage with leadership on their coworker’s behalf.
By creating a company culture of employee engagement, employees become empowered to not only recognize the warning signs of espionage, workplace violence, or suicide, but to say “I think my coworker is going through a difficult time. I think I should act.”
Douglas D. (Doug) Thomas is the Director of Counterintelligence Operations and Corporate Investigations for Lockheed Martin Corporation. In this capacity, he leads a staff that is responsible for providing advice and guidance relative to counterintelligence and counterterrorism matters impacting the Corporation.
Lockheed Martin Corporation was a 2014 recipient of the CSO40 award, presented to 40 organizations for their security projects and initiatives that demonstrate outstanding business value and thought leadership. CSO40 winning organizations recognized — and many presented their projects — at the CSO40 Security Confab + Awards event, hosted by CSO March 31-April 2. Lockheed Martin Corporation presented on April 1.
This article is published as part of the IDG Contributor Network. Want to Join?