The human dimension of security
Cyber and physical security are not enough
Understand and manage insider risk
Many of the least well understood risks facing organisations are those arising from insiders – people who betray trust by behaving in potentially harmful ways.
Most corporate risks and cyber security breaches have an insider element. Yet personnel security is rarely given the attention devoted to physical or cyber security – until it is too late.
Insiders have been found in every type and size of organisation, from small tech start-ups to multinational corporations and government departments.
Protect your organisation
The actions of insiders – intentional or unwitting – cause many types of harm:
Loss of data, IP or money
Destruction of physical or cyber assets
Disruption of business and services
Workplace violence and abuse
Compromise of sensitive information
Legal and regulatory action
Erosion of competitive advantage
Loss of stakeholder trust and confidence
Reputational damage
Insiders, wittingly or unwittingly, can also help criminals, foreign states, terrorists and other external threat actors to inflict catastrophic damage.
Tackling insider risk
Insider risk changes over time and evolves to circumvent protective measures. No single process or piece of technology by itself can provide adequate protection. We take a systematic, multi-layered approach in which complementary elements, including leadership, management, culture, and a solid understanding of the risk, are brought together to form an integrated system of personnel security defences. Building a high-trust environment in this way has benefits beyond security.
Our services
We help organisations to understand insider risk and its consequences, identify gaps in their security, and design and build the right defences.
-
Understanding your threat environment and related insider risks
Identifying your current strengths and weaknesses
Recommending improvements based on your resources and current maturity
-
Enabling a shared understanding by your board of your organisation’s insider risk and their responsibilities
-
Awareness of insider issues (HR, IT, legal, learning & development, compliance, and ethics)
Practitioner guidance and problem solving
-
A retained service of independent on-call advice
-
Independent assessment against best practice
-
Facilitating a strategic approach to managing insider risk as part of a broader approach to organisational resilience and security
-
Identifying measures of success, key risk indicators and dashboards
Supporting stakeholder group maturity
-
Tabletop exercises
Practitioner training
Communicating risk