Key Takeaways From the FIRPA Practitioner Insights Report

This blog post summarizes the key takeaways from the Five Eyes Insider Risk Practitioner Alliance (FIRPA) Practitioner Insights Report. The report is based on workshops with over 100 insider risk practitioners from Australia, the USA, and Canada.


Stakeholder Engagement and Collaboration

  • Executive buy-in and cross-departmental collaboration are essential for successful insider risk management. Collaboration across departments like legal, HR, IT, and compliance is needed to create a unified approach to insider risk.
  • Challenges include communication breakdowns, competing priorities, and a lack of shared understanding across departments. Organizations need to develop a shared language and tailor communication to different stakeholder groups.

Security Culture and Leadership

  • Leaders must champion security and set the tone for a security-conscious culture. They need to embed security practices into daily operations and create an environment where insider risk management is prioritized.
  • Challenges include silos between departments, biases in insider risk detection, and a lack of buy-in from senior leadership. Organizations should promote a no-blame culture that encourages open reporting and engagement.

Education and Training

  • Training programs should leverage multiple modes of delivery and include real-life scenarios and simulations.
  • Challenges include cost constraints, lack of motivation, and outdated content. Organizations need to develop contextually relevant practices, invest in dynamic learning tools, and ensure training remains current and engaging.

Tools, Techniques, and Indicators

  • Selecting the right tools and techniques is crucial, but they must be aligned with an organization’s unique risks and operational context.
  • Challenges include over-reliance on data without sufficient context, difficulty integrating new tools with existing systems, and a lack of understanding of the human factors behind insider threats. Organizations need to select tools that offer contextual accuracy and invest in training and development of internal experts.

Information Sharing and Collaboration Between Organizations

  • Sharing insider threat information between organizations is crucial but faces challenges such as legal barriers, privacy concerns, and organizational resistance.
  • Challenges include reluctance to share sensitive data due to legal uncertainties, concerns over reputational damage, and difficulties in defining common terms for information sharing. Organizations should create a common asset list, establish legal-focused working groups, and promote the sharing of behavioral attributes from past incidents.

Program Structure, Policy, and Governance

  • Clear governance frameworks, leadership engagement, and continuous improvement are needed to ensure that insider risk management processes are consistent and adaptable.
  • Challenges include inconsistent executive support, resistance to change, and external pressures for compliance. Organizations should establish clear program frameworks with well-defined roles and responsibilities, collaborate across departments and with external partners, and secure leadership buy-in.

Investigative Process, Procedure, Interventions, and Improvement

  • A well-structured investigative process is essential and requires clear guidelines for escalation, well-documented procedures, and transparent decision-making.
  • Challenges include inconsistent investigative processes, lack of clarity around when to escalate incidents, and balancing thoroughness with employee privacy concerns. Organizations should establish clear guidelines for escalation, provide regular training for investigators, and use centralized tracking systems.

Regional and Cultural Nuances

The report identifies some regional differences in how practitioners approach insider risk.

  • American practitioners emphasized ROI and advanced technologies.
  • Australian practitioners focused more on communication strategies, relationship-building, and aligning tools with organizational culture.

Additional Insights from Surveyed Australian Practitioners

  • Negligence is viewed as the primary insider threat.
  • Continuous education and cross-departmental collaboration are foundational elements for improving insider risk programs.
  • A common misconception is that insider risk programs are punitive.

Conclusion

The report highlights the importance of:

  • Securing leadership engagement
  • Fostering cross-departmental collaboration
  • Balancing advanced technologies with human-centered approaches

Organizations need to continuously refine their practices to stay ahead of evolving threats and bolster their defense against insider risks.

Staying Up-to-Date in the Cybersecurity Industry

Staying current in cybersecurity is crucial to proactively mitigate risks, ensure compliance, and make informed decisions in today’s rapidly changing digital landscape. Here are some resources to help you stay up-to-date with cybersecurity:

Feedly

Feedly (RSS Aggregator) is a free website that collects news from different sources and puts it all together in one place. Here are some sites to add to Feedly:

TLDR

Information Security News to Your Inbox. TLDR is a free service that sends you recurring emails aggregating the news on various subjects. They have many different newsletters on various topics, including information security.


SANS Cyber Security Summits

SANS Free Virtual Conferences. SANS summits take place often on a variety of subjects including AI, DFIR, Cloud, Threat Intelligence, etc. It is free to attend the summits online, and if you miss them you can watch the recording. They also count for CPE. Their Slack is also a great place to learn from others.

BrightTALK

Free Virtual Talks. BrightTALKs bring the speakers to you. Search for any subject and attend live or recorded talks, including many cybersecurity ones. Every month the Verizon Threat Research Advisory Center gives an update. It is a great talk to attend.

Verizon Business Page at BrightTALK

Podcasts

I’ve already compiled a list of podcasts on this blog; here is a link to that post.

Books

Here are some favorites of mine:

  • The Hacker and the State by Ben Buchanan. Packed with insider information based on interviews, declassified files, and forensic analysis of company reports, The Hacker and the State sets aside fantasies of cyber-annihilation to explore the real geopolitical competition of the digital age.
  • Countdown to Zero Day by Kim Zetter. Rather than simply hijacking targeted computers or stealing information from them, it proved that a piece of code could escape the digital realm and wreak actual, physical destruction—in this case, on an Iranian nuclear facility.
  • Dark Wire by Joseph Cox. In 2018, a powerful app for secure communications called Anom took root among organized criminals. They believed Anom allowed them to conduct business in the shadows. Except for one thing: it was secretly run by the FBI.
  • This is How They Tell Me the World Ends by Nicole Perlroth. One of the most coveted tools in a spy’s arsenal, a zero day has the power to silently spy on your iPhone, dismantle the safety controls at a chemical plant, alter an election, and shut down the electric grid (just ask Ukraine).

YouTube

There are so many YouTube channels doing a great job getting information out there. This is not an exhaustive list, but they are some of my favorites!

Other Networks

Bluesky – Read more about Bluesky on this prior post. Here are the infosec starter packs.

LinkedIn – Here are some good folks to follow on LinkedIn.

Mastodon – Federated messaging service à la Twitter/X, with a large infosec group on the infosec.exchange server.

Weekly Cybersecurity Wrap-up 12/2/24

Each week I publish interesting articles and ways to improve your understanding of cybersecurity.
