Blog: Managing threats from within

In the latest Rose Partners blog, our CEO Adam Honor explains the dangers of insider threats with an example we can all recognise.

Many of us have fond childhood memories of reading Roald Dahl’s Charlie and the Chocolate Factory. There is a particular passage in one of the preliminary chapters that bears relevance today in how we manage the risks posed by the insider threat within our companies:

Grandpa Joe – ‘You see, Charlie,’ he said, ‘not so very long ago there used to be thousands of people working in Mr Willy Wonka’s factory. Then one day, all of a sudden, Mr Wonka had to ask every single one of them to leave, to go home, never to come back.’

 ‘But why?’ asked Charlie. ‘Because of spies.’ ‘Spies?’

‘Yes. All the other chocolate makers, you see, had begun to grow jealous of the wonderful sweets that Mr Wonka was making, and they started sending in spies to steal his secret recipes. The spies took jobs in the Wonka factory, pretending that they were ordinary workers, and while they were there, each one of them found out exactly how a certain special thing was made.’

In short, Mr Wonka was being ripped off by an aggressive insider threat agenda driven by the competition. His tradecraft, trade secrets and IP were walking out the door and being replicated by the unscrupulous competition. In response, Wonka sacked everyone, closed the gates and employed an army of Oompa Loompas.

Wonka was clearly not running a robust Operational Resilience / Security function that had a controls-based framework to secure his assets, ideas and intellectual value. Nor did he recognise the talent of the staff, a business’s most valuable asset, and the role they can play in managing an insider threat program.

What is an insider threat?

The CERT definition of an insider threat is ‘the potential for an individual who has or had authorised access to an organisation’s assets to use their access, either maliciously or unintentionally, to act in a way that could negatively affect the organisation’. This definition covers:

  • Malicious and non-malicious (unintentional) insider threats
  • Cyber and physical impacts

From this definition, it is clear that even employees and contractors with the best of intentions can become an insider threat, simply by clicking on a hyperlink that injects malware into the OT or enterprise network. According to the Ponemon Institute’s 2018 Cost of Insider Threats report, the average cost of insider-caused incidents was $8.76 million in 2017 – more than twice the $3.86m average cost of all breaches during the same year across the globe.

Oliver Wyman’s The Increasing Threat from Inside report states that nearly 75% of companies believe they have appropriate controls in place to mitigate insider threats, yet more than 50% of companies had a confirmed insider attack in the past 12 months.

Why would someone seek to carry out an insider attack?

There is no straightforward answer to this question, as the potential motives are numerous and complex. However, there are some indicators of potential insider threats:

  • Ethical flexibility
  • Reduced loyalty
  • Entitlement – narcissism – ego
  • Introversion
  • Greed / financial need
  • Intolerance of criticism
  • Self-perceived value exceeds performance
  • Vulnerability to blackmail
  • Pattern of frustration and disappointment

How can we prevent the loss of trade secrets?

Managing insider threat is a complex, multifaceted and cross-functional exercise that will reach into most, if not all, functions within your company. Having a ‘policy and standards stack’ is not enough. The threat is difficult to spot, which is why a premium is placed on process and education over technology.

Implementing an effective insider risk program requires a design tailored to the specific culture, processes, and risks of your organisation. It starts with the identification of the risk exposure and the business impact of the risk. Once the “crown jewels”, the most important assets (physical and/or virtual) and associated insider risks are identified, a pilot can be designed to mitigate these risks. It is important to start small and focus on a clearly defined high-risk employee sub-group to work through the organisational issues that need to be solved.

The Common Sense Guide to Mitigating Insider Threats (fifth edition published by the CERT Insider Threat Centre) offers a guide to best practice. Some of the key practices from the document include the following points, and the first point is arguably the most important:

  • Know and protect your critical assets
  • Create a culture of awareness throughout the company. Develop training from the Board level down. Create focused leadership sessions that enable leaders to identify the insider behaviours
  • Develop the governance framework to formalise an insider threat program
  • Develop repeatable and reportable processes that capture suspicious behaviours from the point of hire to fire
  • Have a social media monitoring program
  • Create a culture of ‘it’s OK to say’
  • Create a robust access rights management process for data and systems
  • Close the doors to unauthorised data exfiltration
  • Monitor and control remote access
  • Extend your controls and awareness to third parties
  • Enforce separation of duties and least privilege

In addition to the above, there are key success factors for an effective insider threat program. Understanding what contributes and supports success is fundamental in measuring and reporting progress. Whilst these factors are numerous, the five listed below highlight why success is not just about controls:

  1. Governance and organisation: Clear articulation of the oversight and agreed operating model
  2. Execution and program management: Processes and controls that cover the end-to-end lifecycle of insider risk management in line with the organisation’s risk appetite
  3. Data, technology and tools: Foundational capabilities that support the management of insider risk
  4. Information sharing: Effective cross-functional interaction model to address legal, ethical, cultural and privacy concerns, and understand what is required to “get to agreement”
  5. Continuous improvement: Mechanisms to integrate learnings from past events and to evolve the program in line with the changing risk exposure

Conclusion

An insider threat program is crucial for any organisation. Designing and implementing an effective solution is vital to securing a business’s most valuable assets. There is an upward trend of insider threat occurrence and its prominence and relevance mean it simply cannot be ignored. Implementing the right program will yield clear benefits and positive results. Take a proactive approach to managing insider risk – start small, but start now. Create a program based on a culture of honesty, integrity and ethics. Employees will identify with these values and as a result, will embrace the insider threat program and its ultimate aims and objectives.

In the real world, the management and mitigation of insider threats are as pertinent now as they were then. However, we now have the benefit of well -processes, training and awareness tools and ‘surgical technology’ that can reduce the accidental or deliberate loss of value from our companies.

Remember: it’s OK to say. It’s something I encourage my colleagues to do every day. I’ll leave you with that ‘ear-worm’. You’re welcome!

Tarhouna Mass Graves: a reminder of conflict but a symbol of progress

The people of Libya have been through turbulent times since the end of Muammar Gaddafi’s rule in 2011. The country is building its capacity and capability across the board following a range of conflicts over the course of the last decade. Unfortunately, legacies of those conflicts still remain, such as the mass graves discovered in Tarhouna, a town located 90km southwest of Tripoli.

The graves were discovered when the area was recaptured by government forces in June 2020. Tarhouna had previously been a stronghold for forces commanded by Khalifa Haftar during a 14-month campaign to capture the capital. Since the discovery of the graves, more than 120 bodies have been exhumed including men, women and children.

Rose Partners’ team, headed up by Niamh Smith, who has a wealth of experience in disaster victim identification, played a mentoring and training role with the Ministry of Interior and the Libyan police, which have been carrying out forensic and criminal investigations. Niamh and her team were given extensive access to the graves and associated sites relevant to the criminal investigation.

‘They’ve been working consistently to carry out test digs on the site since last summer and have been recovering bodies regularly,’ Niamh said. ‘From Rose Partners’ perspective, we’ve been working on the criminal aspects in terms of who committed the atrocities, as well as the identification of the deceased.

‘We would attend the graves regularly, as well as having access to the sites as part of the mass graves responder courses we developed.’

The situation regarding the mass graves has drawn significant international attention, with the United Nations calling on the Government of National Accord to secure the sites, identify the victims, establish the causes of death and return the bodies to their next of kin.

It is therefore imperative that identification and investigation processes and facilities are of the highest standard, so as not to jeopardise any future convictions.

‘The Libyans are very keen themselves to be on a professional par with other countries,’ Niamh added. ‘They’re very aware there are certain standards they need to meet, but they’re constantly pushing and trying to improve.

‘The police genuinely want to do an excellent job for the people of Libya. It’s about increasing their knowledge and capability so they can run at a standard they’re happy with.

‘It would be a very satisfying end goal for them to be self-sufficient and in line with their international partners, being able to train their own people and, in some cases, have their advice sought by other nations.

‘The mass graves situation is an example of an area in which, as unfortunate a circumstance as it would be, other countries could potentially turn to the Libyans for assistance in how to deal with this sort of event.’

Private Security: Executive and Family Clients

Conducting private security is a nuanced activity that extends far beyond simply having bodyguards follow you around.

Close protection, as part of a wider lifestyle management program that should also involve residential security and surveillance, is an important part of private security for individuals. However, there is a range of further effective measures that can be put into place to maintain your safety.

ITINERARY AND JOURNEY MANAGEMENT

Security threats fluctuate depending on your location, so it is important to identify modes of travel that will present minimal possible risk to clients.

As part of a security risk assessment carried out by Rose Partners, we will identify several routes using the safest means of transport in the given location. Identifying multiple routes is a key part of journey planning as this enables the avoidance of routine, which will help to prevent any hostile surveillance of the client’s movements, therefore limiting the possibility of an attack.

PRIVATE SECURITY IN THE DIGITAL AGE

Using technology such as phones and laptops can present a variety of security risks, particularly when accessing networks in multiple locations. As such, it is imperative that clients have sufficient digital protection in place, with the confidence and competence to identify and act on cyber threats.

Rose Partners’ cybersecurity experts are on hand to implement the necessary measures, with the capacity to carry out digital forensics to identify the culprit of cyber-attacks.

Such is the nature of the internet and social media, in particular, negative and disreputable content can gain traction quickly, no matter how much truth a story has to it. We understand the importance of people’s reputation, both on an individual and collective basis, and the impact reputational damage can cause to people and their organisations. Rose Partners has the experience and expertise to carry out reputational management activities which seek to limit the reach of any negative press, should it arise, to help preserve your reputation.

SITUATIONAL AWARENESS TRAINING

Our security professionals are trained to deal with a diverse range of complex scenarios.

However, in the interest of maximum possible safety, we also carry out situational awareness training with our clients. Our experts will help you develop your attention and awareness levels in order for you to identify potentially threatening people or environments, building your knowledge and confidence to make informed decisions and take necessary action in a short period of time.

If you’d like to learn more about our private security services, contact a member of the Rose Partners team today.

How developed and secure aviation infrastructure boosts a country’s prosperity

Aviation is a safety-critical industry. While we can accept a certain amount of risk of accidents on our roads for instance, as unfortunate and expensive as they can sometimes be, there’s simply no room for error with aircraft. This is a very high but necessary standard to adhere to, which means the correct technology and training have to be in place.

Post-conflict environments such as in the Middle East and North Africa have seen their aviation infrastructure suffer immensely. Iraq, for instance, which was the Middle Eastern hub for the Royal Air Force in the inter-war years, has been involved in a series of serious conflicts. From the Gulf war, through to the Iraq war itself and, more recently, conflicts with ISIS, combatants have targeted airbases as a means of preventing coalition activity in the region.

‘All of this damage has to be repaired in order for the airport to run efficiently,’ said Rose Partners’ Strategic Advisor, Niall Greenwood. ‘You often find that airports in these kinds of environments are running in a sub-optimal way, with limited firefighting and rescue services, limited air traffic control, and limited instrumentation.’

‘All of these are constraints on an airport’s ability to run efficiently and can limit you to being only able to land during good weather in the daytime; aircraft may be forced to refuel elsewhere which can significantly reduce their range; and, if the airport accepts passengers, those passengers may not be able to connect directly with destination countries.’

Given the safety-critical nature of the aviation industry, there is a range of domestic and international standards an airport must adhere to. In the case of post-conflict environments which have seen their technology and procedures – as well as documentation of procedures – neglected over the years, failure to meet these requirements has seen international connectivity become restricted.

Why is this important?

The effectiveness and efficiency of a nation’s aviation infrastructure have been shown to correlate to its wider prosperity both from a commercial and military perspective, as Niall explains.

‘It’s the primary responsibility of governments to defend their nation and the population. If you have threats from across the border, it’s very difficult to deal with them without operational airbases.

‘Not only will you be at risk of conflict with those neighbors, but there’s also a negative impact on the economy because people won’t want to invest in institutions which could potentially be attacked or overrun, with workers leaving the area which can lead to a skill shortage.

‘From a financial viewpoint, strong aviation infrastructure with good connectivity, reliable services, as well as a minimal history of things like accidents, delays, and cancellations, shows an almost direct link to the country’s growth.

‘Most of the primary jobs in airports and the services that support them, as well as secondary jobs such as hotel and taxi services, all rely on the airport for importing and exporting goods and services. The airport’s effectiveness has a direct impact on its success.’

What about the future?

Many of us are growing more familiar with the presence of unmanned drones in the air. As well as in the military and aviation industry, including runway and aeroplane inspections, they are being increasingly used for civilian and commercial purposes, such as for deliveries and blue light services.

‘We’re entering an interesting period as electric aviation develops quite quickly,’ Niall added. ‘We’re probably going to see the number of drones in the air increase ten-fold over the next decade.

‘This will make a big difference as they can’t be handled in the same way air traffic has been handled in the past and it will require more integration between military and civil airspace.

‘While we’re working to restore and build capability of aviation in many countries, we have to look to the future in order to allow them to benefit from these developing technologies. There’s a lot of potential, but also risk to be managed as we enter the new era of aviation.’

Blog: Strategic Overview on Rose Partners’ SSR role in Libya

His Excellency Abd Alhamid Aldabaiba has set out his priority of unifying the citizens of Libya, building confidence and bringing prosperity. This vision cannot be achieved without security sector reform and failing to undertake such reform will hamper development and discourage investment from both local and international partners. Security is an essential condition for sustainable development to flourish.

Libya and Rose have approached SSR in a unique and ambitious way. SSR programmes are predominantly led and directed by donor states or international bodies, such as the UN or EU. Such programmes are then delivered by a mix of seconded staff and subcontracted companies who report not to the customer, but to the commissioning body. Traditional SSR, although incredibly beneficial and often the only way to progress, is, by its nature, bureaucratic and focused on donor priorities, with a large proportion of the budget spent on donor structures rather than delivery.

Rose’s direct, contractual arrangement with the Libyan Government has delivered agility, local accountability and rapid results with a greater percentage of the budget directed at delivery and reform. We, with our client, are committed to restructure, rebuild and reform policing to deliver a unified, safe, and secure Libya and build a police service that exercises its authority with the trust and confidence of its people, in line with international standards and human rights conventions.

The requirement to restructure and realign policing is paramount, and Rose has worked with the Libyan authorities to design a new National Police Model (NPM), the cornerstone of transformational change and consistent delivery. The model promotes policing that is nationally led, regionally coordinated, and locally delivered. The NPM also redefines roles and responsibilities, creating accountability and a commitment to building regional stability and national unity.

Alongside the requirement to restructure, His Excellency Abd Alhamid Aldabaiba also has the opportunity to invest in the MoI’s staff, to rebuild capability and resilience across policing disciplines. This capability building is needed not only to tackle the extreme threats from terrorism or serious & organised crime, but also to manage and respond to issues impacting upon local communities. Improving the national standards of police training will enable local officers to deliver core policing to a high and consistent standard.

Policing reform is enabled by the adoption of new processes, methods and systems to deliver the law enforcement mission. Such reform can be driven by the national strategies developed by the MoI and Rose within the last year: Counter Terrorism, Serious & Organised Crime, Illegal Migration, Intelligence and Training strategies. These frameworks provide the regional consistency required to disrupt those that threaten to frustrate the unification of Libya. 

The scale and complexity of the task cannot be underestimated. As international case studies have shown, meaningful and sustainable police reform cannot be achieved over 1-2 years, but more likely 5-10 years. The bold, joint approach Libya has taken with Rose has helped accelerate this process and shows Libya’s strategic intent to reform and unify.
