DTEX is proud to have sponsored the first videocast episode of Conversations from the Inside: A Sit-Down with the Leaders Shaping the Insider Risk Landscape, hosted by intelligence and security expert Christopher Burgess. For the inaugural episode, Christopher sat down with Vaillance Group CEO, Shawnee Delaney, whose experience includes working with the DIA and Fortune 500 companies like Uber and Merck.
During this discussion, Shawnee offered first-hand insights into detecting, preventing, and investigating adversarial threats within a formalized insider risk program. Here are some of the key takeaways highlighted in the videocast.
Building the Foundation of a Successful Insider Threat Program
Much like building a home, developing a successful insider risk program is a lot of work that often comes with a lot of stress. It requires a solid foundation which is, in this instance, an organization’s training and awareness program. Success requires a common understanding at the ground level to ensure everyone is aware of potential red flags and the basic principles of good cyber hygiene.
Securing the Right C-Suite Buy-in
All industries have a different overarching culture and different ways of operating. While insider risk programs often sit under the purview of cybersecurity or IT personnel, ownership of the program is far less important than ensuring that the individual overseeing it recognizes the human element at play.
To successfully mitigate insider risks, organizations need true champions at the C-suite level that will talk the talk and walk the walk. For this reason, the individual rolling out the program must be a respected leader, preferably at a director level or above, that can sell executives on the importance and value of implementing an insider risk program.
Effective top-down communication sends a clear message that insider risk is everyone’s responsibility in a way that establishes workforce trust and camaraderie. An insider risk program leader must be capable of acting as a central hub, pulling data from HR, IT/Security, and Legal, and having the autonomy to manage the overall process.
Transparency, Tone and Timing
Nobody wants to work in an environment fraught with distrust, which makes tone and timing so important when rolling out an insider risk program. It’s important to ensure your training doesn’t adopt the legacy “big brother is watching” tone many employees have become accustomed to in today’s hybrid work environment. If executives want to see success when rolling out these initiatives, they need to recognize and acknowledge the human element at play from the start. The tone of the training should be empowering to drive a trusted workforce, where employees are armed and motivated with the tools and incentive to help mitigate risk.
If you missed out on the live event, be sure to watch the full replay. To learn more about the trends shaping the insider risk landscape, download our recently released 2023 Insider Risk Investigations Report.