Authorized personnel with access can become an insider threat to security

National Insider Threat Awareness Month

The fourth annual National Insider Threat Awareness Month will be take place in September 2022. During this time, federal agencies and industry emphasize the importance of preparing the workforce to deter, detect, and mitigate threats posed from trusted insiders. The NetCentrics Insider Threat Plan requires employees and contractors comply with training and reporting requirements pertaining to the safeguarding of sensitive and classified information, as well as NetCentrics proprietary information.

According to a recent study by the National Institute of Standards and Technology, the goal of security awareness training programs—including insider threat awareness programs—is to help employees recognize and appropriately respond to security issues, thereby improving the overall security posture of organization. The study also found that only using metrics to determine the effectiveness of a program versus measuring actual impact may not indicate whether employee security behaviors and attitudes have been positively changed. Thus, how do we inspire a security minded culture to empower our workforce and reduce vulnerabilities?

The NetCentrics core values of Be Eminent and Embrace the Team encourages us to demonstrate excellence and hold each other accountable to build a culture of trust in the workplace. Here are a few ways we incorporate security into our overall culture.

First, NetCentrics requires all cleared employees to complete Insider Threat Training during onboarding and during the annual security refresher training. For all other employees, it is important to be familiar with reporting requirements.

Second, we remind our teammates about identifying behavior that could indicate threat. Each of us has a role to play. It is important to be observant. One example of a regular reminder is through articles like this one.

Third, by being present and respectful of others in all interactions (Embrace the Team) we can better identify teammates who may need help. Insider threats are more likely to occur when people are under extreme pressures and see access as opportunity. We can prevent that by encouraging people to seek help instead.

Reporting Procedures

Any reportable contacts, activities, indicators, behaviors, and cyber threats associated with foreign intelligence entities should be reported to the NetCentrics Security Team or Insider Threat Hotline (571-313-7998).

The DoD provides a Defense Hotline (800-424-9098) as a confidential avenue for individuals to report allegations of wrongdoing pertaining to programs, personnel, and operations that fall under the purview of the DoD. For more information, you can visit: https://www.dodig.mil/Components/Administrative-Investigations/DoD-Hotline/.

Training Opportunity

On September 1, 2022, the 2022 Insider Threat Virtual Conference will bring security professionals and policy makers across the U.S. Government and industry together to kick off the National Insider Threat Awareness Month (NITAM) campaign. This year’s theme is “Critical Thinking in Digital Spaces.” For more information on how to register visit the NITAM website.

Photo by Pew Nguyen