15 September 2019

Never Forget: Beyond 9/11 & Adapting Inside the Enterprise...

"Being a patriot doesn't mean prioritizing service to government above all else.  Being a patriot means knowing when to protect your country, knowing when to protect your Constitution, knowing when to protect your countrymen, from the violations of and encroachments of adversaries.  And those adversaries don't have to be foreign countries."  Ed Snowden

One could wonder whether even just one of the individuals working with your organization internally or externally has the same or similar mindset of "Ed".  The question is, what are you doing as an Operational Risk Management(ORM) leader, to be legally proactive in your "Insider Threat" approach with employees, partners and your extended supply chain?

The adversary working with you inside your company, agency or partner, doesn't always start out to bring loss events to your enterprise.  It could take years, or months to develop a real justification in the adversaries mind, yet even when the activities and behaviors are evident, they are all to often missed, never understood or just too late to interrupt:
The National Counterintelligence and Security Center (NCSC) and the National Insider Threat Task Force (NITTF) are today partnering with federal agencies across the government to launch “National Insider Threat Awareness Month” during September 2019. Throughout September, the Office of the Director of National Intelligence, the Department of Defense, the FBI, the Department of Homeland Security, the Department of State and other federal agencies will be holding events to emphasize the importance of safeguarding our nation from insider threats and to share best practices for mitigating those risks.  
How could you and your organization improve and adapt your current practices to raise the bar of excellence?  What can you do each day to make the quality and the results of your programs even better?

First, begin to understand the process by which events can trigger new behaviors in an individuals perceived stressors and lack of personal control.  Second, expand your proactive organizational toolkit, to include such proven technologies such as sentiment analysis for marketing purposes.

These same tools with the proper legal oversight and "Acceptable Use Policy" can be effective in your early warning systems.  Enterprise Risk Management also incorprates oversight and protections for privacy and civil liberties.

Here are five steps to be proactive at your organization in the U.S. this month of September 2019:
  • Create, refine and share your organizations "Insider Threat Program "(InTP) vision.
  • Educate, clarify and communicate the authorities, roles and policies of the program.
  • Validate tools, models and sources of information.
  • Plan ahead for the utilization of automated tools and human behaviors observed.
  • Seek better solutions to a continuously changing enterprise & supply chain environment.
Never Forget.  We have all heard the thought "Never Forget," when it comes to our recent anniversary of 9/11.  Yet we must simultaneously remember, that our adversary may be hiding in plain sight...