Cybersecurity Blog: The Cyber Scene is evolving, are you?

Part 4: Training and defined management procedures are critical to program success.

Today’s insider risk programs typically rely solely on mitigation as the remedy to address every insider risk. But this approach leaves out critical measures to address all components of risk.

In the first blog of this four-part series, I discussed why you need to use leadership advocacy and a proper governance structure to kick off your insider risk program. In part two we explored the need for a comprehensive communication strategy and the importance of documentation. Part three explained defining critical assets vital to business operations and leveraging technology.

Let’s wrap up the discussion with the two remaining components that the best insider risk programs incorporate to succeed: training and awareness, and defined consequence management procedures.

Training and Awareness

One of the most important efforts for a company to focus on is training and awareness.

“The only thing worse than training your employees and having them leave is not training them and having them stay.” — Henry Ford

A well-structured training and awareness program should educate employees about their exposure to internal and external threats, provide guidance on protective measures, and reinforce how to report potential insider concerns. Every individual should understand that they may be a target, that the company is a target, what to look for, and what to do when they believe something is suspicious.

There are several behaviors individuals can look out for. Examples include someone working unusual hours, printing an inordinate number of documents, taking home an excessive quantity of files, or speaking negatively about the company. These are indicators that warrant a closer look rather than evidence of wrongdoing, and an employee who notices them should notify their manager or HR instead of confronting the person directly.

Training and awareness should be delivered at onboarding, with required refresher courses provided on a recurring basis.

Consequence Management

Even corporations that invest significant resources in improving their insider risk programs often find themselves unprepared to deal with a suspicious incident.

Responding to an insider incident requires more than just detection. If you suspect your organization is the victim of an insider breach, bring the focus back to the individual by conducting a proper investigation. After all, not all threats are malicious – training or counseling may be the answer to remediate the conduct.

Responsibility for addressing insider events should rest with an empowered response team whose members bring skill sets such as investigations, counterintelligence, and human resources.

Validated procedures should govern the opening of inquiries. Near-constant interaction with general counsel is critical to ensure privacy and legal concerns are met and that the organization does not expose itself to liability for making false accusations.

Consequence management should also provide program metrics to help determine the insider risk program’s effectiveness and return on investment. Metrics may include the number of risk alerts generated, the number of inquiries conducted, the number of investigations referred, and the amount of proprietary property recovered.

A case management tool will not only facilitate aggregation of metrics but will serve as a central repository for historically documenting individual risk indicators and providing a behavioral baseline of the person throughout their tenure in the organization.
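To make the behavioral baseline idea concrete, here is an added example (not code from the original post or from Leidos) showing how two of the indicators named above, unusual working hours and an inordinate print volume, can be scored against each person’s own history rather than a global threshold. The log lines, field names and thresholds are constructed for illustration and are assumptions, not a real product’s schema.

```python
"""Baseline-and-deviation scoring for two insider risk indicators:
unusual working hours and an inordinate print volume.

Added example, not part of the original post. The log lines below are
constructed for illustration; the field layout (user, timestamp, event,
count), business-hours window and spike factor are assumptions.
"""
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample log: "user,timestamp,event,count" (count = pages for print events)
SAMPLE_LOG = """\
alice,2024-03-04T09:12:00,print,14
alice,2024-03-05T10:01:00,print,11
alice,2024-03-06T09:45:00,print,13
alice,2024-03-07T11:20:00,print,12
alice,2024-03-08T22:40:00,print,240
bob,2024-03-04T08:30:00,print,3
bob,2024-03-05T08:35:00,print,4
bob,2024-03-06T08:20:00,print,2
bob,2024-03-07T23:15:00,login,1
bob,2024-03-08T08:40:00,print,3
"""

BUSINESS_HOURS = range(7, 20)  # 07:00-19:59 treated as normal (assumption)
MIN_HISTORY = 3                # prior print days needed before a spike can be scored
SPIKE_FACTOR = 5               # flag when a day exceeds 5x the user's own median


def parse_log(text):
    """Turn the CSV-style log into a list of event dicts with parsed timestamps."""
    events = []
    for line in text.strip().splitlines():
        user, ts, event, count = line.split(",")
        events.append({"user": user, "ts": datetime.fromisoformat(ts),
                       "event": event, "count": int(count)})
    return events


def off_hours_events(events):
    """Return (user, timestamp) pairs for any activity outside business hours."""
    return [(e["user"], e["ts"]) for e in events if e["ts"].hour not in BUSINESS_HOURS]


def print_spikes(events):
    """Compare each print day against the user's own prior median.

    This is the per-person baseline the post describes: 240 pages is a spike
    for alice because her history is ~12/day, not because 240 is large in itself.
    """
    per_user = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["event"] == "print":
            per_user[e["user"]].append(e)
    spikes = []
    for user, evs in per_user.items():
        history = []
        for e in evs:
            if len(history) >= MIN_HISTORY and e["count"] > SPIKE_FACTOR * median(history):
                spikes.append((user, e["ts"].date().isoformat(), e["count"], median(history)))
            history.append(e["count"])
    return spikes


def triage(text):
    """Aggregate indicators per user as leads for the response team's inquiry.

    A lead is a reason to open a validated inquiry, not a finding: a late login
    or a single print spike on its own proves nothing about intent.
    """
    events = parse_log(text)
    leads = defaultdict(list)
    for user, ts in off_hours_events(events):
        leads[user].append(f"off-hours activity at {ts.isoformat()}")
    for user, day, count, base in print_spikes(events):
        leads[user].append(f"{count} pages on {day} vs. baseline median {base:g}")
    return dict(leads)


if __name__ == "__main__":
    for user, reasons in triage(SAMPLE_LOG).items():
        print(user)
        for reason in reasons:
            print("  -", reason)
```

Run as written, the script surfaces alice (an off-hours print job that is roughly twenty times her usual daily volume) and bob (a single late-night login). The point of the per-user median is that bob’s three or four pages a day never trip a threshold tuned for alice, and alice’s spike is not hidden behind a company-wide average; both results are inputs to the inquiry process described above, not conclusions.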

A comprehensive insider risk program requires people, processes, and tools, acting collectively to achieve the greatest benefit and return on investment.

Review the Eight Components of Developing a Successful Insider Risk Program Series

If you missed any of the previous posts in this four-part series, I invite you to click on the links below:

  1. Leadership Advocacy and Governance
  2. Communication and Documentation
  3. Critical Assets and Technology

Need Help with Your Insider Risk Program

As the workplace becomes more complex and insider risks increase, organizations must ensure they can detect anomalies and prevent incidents before they happen. Leidos is your trusted partner to ensure the protection of your company’s critical assets and help you prevent an insider incident before it occurs.

Our array of insider risk solutions and team of insider risk experts are ready to assist you through all phases: assessing your current risk profile, creating and administering a comprehensive insider risk management program (including the best technology for your specific needs), and helping you respond properly to insider incidents if they do occur.

Contact us to talk to one of our insider risk experts today or download the white paper and explore the eight components every organization must consider when building a successful insider risk program.


Principal Consultant | Cary provides services to commercial and government clients through all phases of insider threat programs. Immediately prior to joining Leidos, he was the Counterintelligence Program Manager for a global communications and information technology company. Before that, Cary served in federal government for over 25 years and held intelligence, counterintelligence, and investigative roles with the Central Intelligence Agency, Office of the National Counterintelligence Executive, and Air Force Office of Special Investigations. He earned a Bachelor of Science degree from the United States Air Force Academy and a Master of Arts degree from The University of Utah.