How To Form A Task Force To Address Internal Threats

n the world of data security, an internal threat occurs when an employee, contractor, former employee or third-party vendor — wittingly or unwittingly — exploits their authorized access to an organization’s private information to cause harm. Whether malicious or not, these incidents are a serious issue. In fact, according to Cybersecurity Insiders’ 2021 Insider Threat Report, 98% of organizations feel some degree of vulnerability to internal threats.

That’s why our team at Three Wire Systems established a cross-functional task force to develop and implement a plan that addresses risks and vulnerabilities within the company. Here’s a brief look at how we did it — and some inspiration for a team of your own.

 

Assembling the team

When it comes to building our internal threat task force, we make sure to involve departments from across the organization, pulling in our Marketing, IT, HR, Accounting, CTO, Sales and Program Delivery teams.

The goals of the task force are to identify potential risks and vulnerabilities within the company that could result in data breach or other potential hazards. From there, the team also makes recommendations on how to mitigate the identified risks — i.e., should we stop the service, change it, or accept it? The team meets monthly to exchange these ideas, brainstorm new strategies and hear all concerns.

 

Making decisions

The team’s focus is pinpointing where a security breech could occur and finding ways to cover these blind spots. As such, we are always asking hypothetical questions: What if a service that we use is unavailable for a day? A week? Longer? What if any of these services are shut down by a ransomware attack and we lose data?

We examine the “what if” questions and determine the following relating to data within each service:

  • Confidentiality: Is security for the service adequate?

  • Integrity: Is data secure and recoverable if subjected to malware or other attacks?

  • Availability: If the service is not available for a longer duration is there a Business Continuity Plan?

Then, our task becomes examining the risk environment of our critical services and determining any actions that we may or should implement in response to these risks. Our responses may include:

  • Avoidance: Don’t use the service — although, that may not be a possibility with more critical services

  • Mitigation: Make changes or additions to the service that will reduce risk.

  • Acceptance: The cost to mitigate the risk may be greater than the cost of damage if the risk is realized, so the risk could be acceptable (in this scenario, costs can come in the form of finances, reputational loss, labor or inconvenience).

  • Transference: Transfer the cost of risk, perhaps to an insurance policy.

Just as we’re committed to addressing internal threats for our own company, we work with government and commercial organizations on solving cybersecurity issues. Want to know more about our capabilities? Check out our website here or contact a member of our team to learn more.

Kelsey ThayerCybersecurity