
Insider Risk Management Academy
Explore the world of insider threats with this set of introductory videos and white papers.
Learn key factors and controls to modernize Insider Risk Management programs.
Insider Threats and Insider Risk
Insiders are people who have (or had) authorized access to an organization’s information or assets, including intellectual property, facilities, resources, and people. Insider risk refers to potential harm an organization can face from such individuals, whether due to purposeful/malicious acts or unintentional errors. Insider threats are deliberate, malicious acts by an insider to cause harm to the organization. Examples of insider threats include espionage, sabotage, fraud, data theft/data exfiltration, suicidal ideation, and workplace violence. Essentially, all insider threats are a type of insider risk, but not all insider risks become threats.
Detect and Predict Insider Threats
Most insider risk management (IRM) programs rely solely on monitoring for explicit security violations and anomalous user behavior. Organizations need to detect and quickly react to suspicious and malicious user activity within distributed locations, devices, and infrastructure.
However, internal personnel can be coerced, or can take advantage of their position of trust and access, leading to sensitive data exposure, theft, and espionage. Worse yet, they may have varied, periodic, and often unmonitored behavioral issues that culminate in disruptive, destructive, and damaging consequences for your operations, initiatives, and personnel.
Learn why a whole person approach to insider risk management offers a greater advantage in getting left of harm.
Whole Person Approach
A modern insider risk management solution not only leverages technical risk indicators, but also incorporates behavioral factors to enable whole person insider risk monitoring, threat prevention, and coordinated response.



Technical Risk Indicators
User and Entity Behavior Analytics (UEBA) provides important monitoring of online human behavior and non-human events that represent anomalous or malicious activity on servers and devices, or within applications. Your security organization must detect and quickly react to suspicious activity across distributed locations, devices, and infrastructure.
A modern insider risk management solution should apply your existing physical, endpoint, network, and cloud security data sources to insider risk modeling. This provides investment protection and rapid deployment while allowing an organization to detect more immediate patterns that indicate an explicit insider threat. Cogility understands that effective IRM programs are not simply cybersecurity solutions, nor are they solely the domain of Human Resources (HR). Rather, effective insider risk mitigation is achieved through coordination and information sharing across a range of IT/cyber, Security, Management, and HR stakeholders.
Behavioral Risk Indicators
Behavioral indicators that are observed over a period of time may be recognized as red flags or warning signs of an impending hostile act. A whole person insider risk management approach encompasses technical and behavioral factors to provide an opportunity to recognize at-risk individuals early — i.e., “left of harm” — before they would otherwise be identified by methods that only examine technical indicators.
A modern insider risk management solution that integrates behavioral and technical factors can reveal patterns of higher-risk concerning behaviors that help to predict insider threats — identifying persons on the critical pathway to insider threat, providing the opportunity to reduce or eliminate the risk through preemptive actions and/or supportive interventions that help “turn around” (rather than “turn in”) at-risk individuals.

Shaw, E. D., & Sellers, L. (2015). Application of the critical-path method to evaluate insider risks. Studies in Intelligence, 59(2), 41-48.
The combination of both technical and behavioral data sources is what comprises a more modern, effective, and comprehensive IRM approach that can provide early warning and greater opportunity for proactive mitigation.


Market Insights, Competitive Evaluation, and Vendor Rankings
This analyst report includes a detailed analysis of global IRM market dynamics, the vendor landscape, and competitive positioning. The study provides competition analysis and ranking of the leading IRM vendors in the form of the SPARK Matrix™. This research covers key solution requirements, capabilities and differentiators, and vendor profiles for users to evaluate different providers.
Insider Threat Case Management
Why does case management matter? Program managers understand the challenges of building and managing an efficient IRM operations team. Since operations teams have limited staff with limited bandwidth, continuous improvement is an ongoing area of concern. Equally challenging is the need to advance processes and technology in ways that minimize employee turnover, facilitate uniform assessment and terminology, and maximize productivity. Extensive case management capabilities help power day-to-day operations for insider threat analysts and monitor overall program performance.
Key capabilities to consider are:
- End-to-end performance tracking
- Operational program oversight
- Customizable dashboards and reports
- Dynamic scoring and profiling
- Profile assignments
- Detailed profile viewer
- Risk history and indicator traceability
- Assessment text editing
- Case delegation and collaboration
- Custom tagging and fields

It’s important to understand that the insider risk management and case management toolset you choose will either improve case manager proficiency and enable a proactive posture, or increase case file backlog and prolong a reactive posture. Read this white paper on Achieving Insider Risk Management Program Modernization with Integrated Case Management.

Modernize your Insider Risk Management Program
To achieve a comprehensive, proactive insider risk management solution, organizations need a decision intelligence platform that provides a scalable, advanced behavioral analytic approach to handle the most challenging data processing and decision support demands, plus an integrated case management system that streamlines case assessment and facilitates mitigation efforts.
Going beyond monitoring and reacting to explicit security violations and anomalies, Cogility’s Cogynt™ platform employs an Expert AI-based model of the insider risk analyst’s decision-making process, incorporating a hierarchical framework of technical and psychosocial risk indicators that reflects the way that experts think about the problem. Cogynt’s pattern-based analysis derives both explicit and predicted insider risk, delivering consistent expert-informed triage analyses with full provenance. When combined with its full case workflow management, Cogynt provides a state-of-the-art insider risk management approach that exceeds best practices.