Insider Risk - How Vulnerable Are We?

CAMOR Limited recently conducted a poll on how individuals felt organisations were aware in relation to Insider Risk. Below in an article written by CAMOR CEO Paul McDonald. As a company we are recognised for our expertise in the area of Insider Risk as members of the CPNI approved Register of Security Engineers and Specialists.

Our interactive online Employee Vulnerability and Insider Risk Awareness training for Aviation and Non-Aviation industries delivers an understanding of what motivates an insider, the methods of attack, and awareness of behavioural indicators. This enables an organisation and employees to develop a basic understanding of the risk, and prevent or mitigate insider activity, reinforcing the message that protecting an organisation is everyone’s responsibility.

At CAMOR we recently conducted a LinkedIn poll where we asked readers if they believed that organisations had a clear understanding of Insider Risk? From the responses, there was an overwhelming majority of 97% that believed that organisations do not have this clear understanding.

The importance of Insider Risk awareness is critical. Threat actors will seek alternative methods to exploit potential vulnerabilities within organisations. The potential damage, including reputational, financial, and operational to organisations from an Insider Risk should not be over looked. It is vital to reduce vulnerability in your organisation by setting values and creating a strong security culture within it.
This has clearly been recognised by the UK Aviation sector, with mandatory awareness training programmes to be in place by January 2022, however the threat is not exclusive to the Aviation industry.

Insiders continue to challenge security countermeasures, exploit potential vulnerabilities, and increase their knowledge of security procedures for their own illegitimate purposes. The first line of defence to an insider threat are the organisation’s employees themselves. Setting values and creating a strong security culture within an organisation is fundamental to the success of an Employee Vulnerability and Insider Risk campaign. Educating employees on the signs, motives, consequences, methods of reporting and mitigation are fundamental steps in threat reduction and protecting organisations from the insider.
As an ex-Counter Corruption Unit Officer, a barrier to this has always been the risk of being seen as a “whistle blower”. There is no checklist of behaviours, and sometimes it can be easy to make the assumption that certain behaviours always mean an Insider Risk, when there may be a simple explanation. But with a number of ways to report something suspicious, either directly to a line manager or through a confidential reporting mechanism, have the confidence to report something if you believe it to be suspicious or concerning, don’t ignore it.

Intervene and act appropriately, however don’t become a “private investigator”, and don’t wait for something else to happen. If you need to discuss your concerns with another person, approach someone you trust or a line manager. Remember your actions could prevent something from happening, either providing assistance to an individual who is vulnerable or preventing a more sinister motive of an individual. Protect yourself, your colleagues, and your organisation.

On a final note, it is critical that all organisations have a level of awareness as to the types of insider, how to recognise the signs, have the correct training in place, and also reporting mechanisms. Build your Employee Vulnerability and Insider Risk awareness programme, give your people the knowledge, understanding  and confidence to identify and report suspicious indicators and behaviours, and most importantly Report it, don’t Ignore it.

CAMOR's GSAT Training Revealed as a Finalist for an OSPA
November 25, 2021
Disruptive Passengers
November 23, 2021
Does Remote Working Change Your IT Security Stance?
November 9, 2021
Let's Develop the Person Within a Learning Cycle
November 1, 2021
Insider Risk - How Vulnerable Are We?
October 27, 2021
Airbridges Beyond Covid-19 – Safety and Security
October 22, 2021
CAMOR Hold Team Building Event in Edinburgh
October 11, 2021
Recovery at Our Airports – Are we Secure Enough?
October 8, 2021
CPD for CAMOR Team
October 1, 2021
COP 26 - are we outwardly focused at the expense of internal scrutiny?
September 22, 2021
CAMOR attend Lowland RFCA Armed Forces Employer Recognition Scheme Awards Ceremony
September 13, 2021
Launch of Insider Risk & Employee Vulnerability online interactive training course for Aviation
May 26, 2021
           Employer recognition scheme, Gold Award Holder    
With Department for Transport (DfT) Certified Instructors, CAMOR are a UK  Civil Aviation Authority (CAA) Registered Training Provider