In the second episode of Conversations from the Inside: The Psychology of Insider Risk Management: Time and Place Matters, renowned intelligence and security expert Christopher Burgess sat down with MITRE’s Chief Scientist for Insider Threat Research & Solutions and Senior Principal Behavioral Scientist for Insider Threat, Dr. Deanna Caputo, to discuss the role of human behavior and psychology in insider risk management.
In this blog post, we’ll explore some key takeaways from the discussion. You can also watch the full episode replay.
Leveraging Behavioral Sciences: Patterns of Behavior are Key
When monitoring human behavior, organizations often look for a personality trait, or even a disorder, as an indicator that an individual shouldn’t be hired or trusted. However, no data indicate that specific personality types explain insider threat activity.
For today’s digital and distributed enterprise, successful insider risk management (IRM) requires visibility into insiders’ past behavior patterns to help organizations anticipate and mitigate future risks.
IRM programs need to focus less on an individual’s internal motivations and more on the types of behaviors that security teams will actually see. For example, what does ‘normal’ or ‘baseline’ behavior look like in your program? What does it look like for your colleagues? A root cause can’t be measured with certainty, which is why understanding the behaviors that do manifest is so integral to mitigating insider risks before an incident occurs.
Focusing on patterns of behavior enables security teams to gain insight into how employees do their work (baseline performance) and to monitor whether subtle changes occur over time or whether there is a dramatic shift. To determine whether an individual’s behavior is truly concerning, organizations must examine it in the context of other data sources and decide whether a real risk or some other explanation is causing the shift. For example, a dramatic change in employee behavior may result from taking on a new role at the company, going on vacation, a financial debt, an illness in the family, etc.
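The baseline-versus-shift logic described above, as an added illustration (not code from the episode or from MITRE): each user’s own history supplies the baseline, the latest period is checked for a dramatic shift or a gradual drift, and any finding is cross-referenced with an HR context feed before anyone decides whether it needs attention. The metric, the users, the thresholds and the context entries are all constructed for the example.

```python
from statistics import mean, pstdev

# Constructed sample: weekly count of one observable behavior per user
# (here, sensitive-file exports). Only behavior is modelled, not motive.
WEEKLY_EXPORTS = {
    "alice": [4, 5, 3, 6, 4, 5, 4, 28],   # dramatic shift in the latest week
    "bob":   [2, 3, 3, 4, 5, 6, 7, 8],    # gradual upward drift
    "carol": [5, 4, 6, 5, 4, 5, 6, 5],    # stable
}

# Constructed HR/context feed: the non-security explanations the post lists.
CONTEXT = {
    "alice": ["new role: assigned to data-migration project"],
    "bob": [],
}

def baseline(history):
    """Mean and std dev of every week except the latest, which is under review."""
    past = history[:-1]
    return mean(past), pstdev(past)

def assess(user, history, context, z_threshold=3.0, drift_ratio=2.0):
    """Compare the user's latest week with their own baseline, then add context."""
    mu, sigma = baseline(history)
    latest = history[-1]
    z = (latest - mu) / sigma if sigma else 0.0
    # Gradual drift: average of the last three weeks against the first three.
    early, late = mean(history[:3]), mean(history[-3:])
    findings = []
    if z >= z_threshold:
        findings.append(f"dramatic shift (z={z:.1f})")
    elif early and late >= drift_ratio * early:
        findings.append(f"gradual drift ({early:.1f} -> {late:.1f}/week)")
    if not findings:
        return {"user": user, "status": "baseline", "findings": [], "context": []}
    explanations = context.get(user, [])
    # A known context entry does not close the case; it changes who reviews it first.
    status = "explained-review" if explanations else "unexplained-escalate"
    return {"user": user, "status": status, "findings": findings, "context": explanations}

def triage_all(data=WEEKLY_EXPORTS, context=CONTEXT):
    """Run the assessment for every user and return the results keyed by user."""
    return {u: assess(u, h, context) for u, h in data.items()}

if __name__ == "__main__":
    for result in triage_all().values():
        print(result)
```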
The Role of HR: Communication is Key
Collaboration with HR is critical to establishing an effective IRM program. The biggest hurdle to getting buy-in from HR specialists and leaders is usually their lack of knowledge about what security teams are, and are not, doing with the data collected by an insider risk management program. An essential part of stakeholder engagement is giving HR additional visibility into how the collected data is and is not used.
Analysts don’t have time to comb through every piece of data for every employee. In fact, most insider risk programs spend most of their time showing that there isn’t insider risk within an organization. These data points are collected to provide historical context to alert an organization to risky behavior.
Leveraging Behavioral Sciences
Understanding human behavior is the key to developing an effective insider risk program. Every employee presents some risk to an organization, but not all will turn into threats. Labeling individuals is the most significant risk enterprises should be wary of when leveraging behavioral sciences in cybersecurity, which makes it critical that extensive due diligence is conducted before engaging an employer/employee on potential risks.
The goal isn’t to invasively investigate individuals but to leverage behavioral science to identify specific behaviors or patterns of behaviors indicative of insider risk.
An effective and efficient insider risk program will protect employee privacy while providing the real-time contextual behavioral intelligence needed to answer the Who, What, When, Where, Why and How related to any potential insider situation.
If you enjoyed this topic, be sure to read Busted: The Misconceptions of Insider Risk Programs, also featuring insights from Dr. Deanna Caputo.