Insider Risk Monitoring for Counter Intel
Today, most organizations address insider risk prevention by focusing on the cyber domain: building increasingly sophisticated electronic fences around their data, digital assets, and cyber networks.
They are also increasing their electronic monitoring of employee activity, while on work networks or devices. They seek to observe, listen and analyze every keystroke, text, tweet, Facebook post, the list goes on. Organizations are continuously seeking to maintain cyber alignment between threat vectors
and their organization’s defense. Many believe we can spot insider threat by watching network activity or running electronic conversations through sentiment analytics only. But, there is a gap. A gap in cyber defense opens the day after an employee passes a background check. And that gap grows every single time an employee leaves their workplace and logs off the network. What was so important to know and assess in the last background checks has fallen off the scan. Criminal arrest outside of work, and material changes in their personal financial condition are the two leading indicators of insider risk. These acts and behaviors outside of the workplace provide a breeding ground for hostile actors employing basic counterintelligence trade craft as they seek to find the employee with that hidden secret they can exploit. Too often these external threats will discover the “secret,” hidden from the organization because they are looking for it and the organization is not.
Consider the challenges that make a trusted employee vulnerable to blackmail or coercion: a need for money for a family crisis, spiraling debt resulting from an unknown gambling addiction or perhaps a sudden medical emergency or recent divorce, college tuition, or elderly care. Or it could be the employee who was arrested and booked for criminal activity that has gone unreported. The data supports that personal financials are #1 reason that security clearances are not renewed.
These are the access points that the external threat seeks to uncover and exploit. Now consider the amount of personal information that is swirling around in public databases or the Dark Web every day. At first glance it might seem harmless and scattered, but in the hands of bad actors this is how they profile. This is how they discover who they need to social engineer or coerce to carry them past your cyber perimeter. Most of this unseen negative activity takes place away from work, which accounts for about 60% of your annual employee’s activity and defines the scope of your current gap. These behavioral stressors have been proven to drive good employees to take advantage of their inside access for personal gain or to fix the mess they are in. These stressors can also build into the emotional stress that leads to workplace misconduct.
ClearForce was designed to cover this counterintelligence gap. ClearForce helps see behind the façade of a struggling employee to uncover an insider that may become a possible threat, or is vulnerable to being approached by a bad actor. ClearForce proactively identifies employees with increased financial or criminal stress in real time with event driven alerts. It allows for early informed intervention by the organization, that in many cases will solve the problem right there, before it can escalate and before the employee becomes vulnerable and emerges as an insider risk.
Additionally, once the potential risk is identified, ClearForce provides an operationally efficient, legally compliant and bias-free workflow that enables an organization to take appropriate actions. ClearForce was built with an understanding that you hired the employee, invested in them and you want to keep them. ClearForce also ensures that throughout this transparent process there are pathways for the employee to review, correct or challenge inaccurate or incomplete information. ClearForce’s role-based architecture automates checks and balances; and all information is secured and archived within a centralized system.