A Corporate Counter-Espionage Approach

Presentation Transcript
slide1

Bolstering the Human Firewall

Presented by

Joel Krauss

Be Prepared. For Anything

A Corporate Counter-Espionage Approach

slide2

Is Awareness Driving Preparedness

  • Where is industrial espionage awareness evident in the organisation?
  • Who is aware or has responsibility for counter-espionage awareness?
  • Is awareness leading to appropriate action?
  • Is preparation appropriate to the threat and vulnerabilities?
  • Is effective preparation delivering an effective capability?
  • Are measures and methods obsolete or incomplete in the current context?

The Human Firewall

slide3

The Human Firewall: Recognising Its Place

The convergence of cyber and human-enabled threats is difficult to defend against without applying a converged response. Defending against only one of these methods of penetration will certainly point the attacker towards the other.

  • Robust technical countermeasures can provide a secure operating environment, but they can be circumvented.
  • Most corporate security programs do not or cannot adequately address the human weaknesses in their workforce.
  • High-stakes human-enabled industrial espionage projects are often undertaken by former national intelligence officers. In the case of state-sponsored economic espionage they have the backing and resources of a government.
  • The threat posed by such professionals could come in the form of direct action by the intelligence officer or through a controlled operation (penetration).

slide4

The Human Firewall: Vulnerabilities

Human-enabled threats leverage deception to obtain sensitive information through the use of pretext: assuming a false identity or appearance to cloak real intentions.

  • The disgruntled employee may be the obvious choice of the stereotypical perpetrator, but the competitor can use either an unwitting or witting source.
  • The source is chosen based on his employer’s intelligence requirements.
  • The source can be witting and appear to be an ideal candidate for a position.
  • The source can be unwitting, and will be manoeuvred into a sensitive position by an existing management source and recruited at a later date.
  • The attackers leverage social media and data forensics to identify a target employee.
  • Further collection activities uncover susceptibilities and vulnerabilities in the potential target’s psychological make-up.
  • The intended target may be contacted and developed by an intelligence officer in commercial persona or foreign persona.

slide5

The Counter-Espionage Approach

Corporate counterintelligence is the overarching concept used to blend security capabilities and support a strong human firewall.

  • Corporate counter-espionage needs a full-spectrum or converged approach, because the competitive intelligence acquisition process is a full-spectrum threat.
  • An ‘enhanced’ CE program leverages specialized detection practices, methodologies and response strategies to deter, neutralize, exploit and/or defeat the most serious threats.
  • A good CE program is agile enough to prevent, pre-empt, detect, and respond to industrial espionage with a rapid, nuanced and focused plan.
  • This CE program does not have to remain reactive: it can also go on the offensive in certain instances.
  • A CE program allows the security team to not only neutralize or control an industrial espionage relationship, but it also provides the best opportunity to collect operational security intelligence.

slide6

The Process

Constructing a Human Firewall

How vulnerable are your staff? How vulnerable is your information? How exposed are other measures to human flaws?

Self Awareness

What measures are in place, how do they correspond to a hierarchy of threats/methods: where are the gaps?

Threat Preparedness

How do you fill the gaps in prevention, detection, and response? How do you configure a converged operating model?

Converged Security

What do you anticipate? What are you prepared for, how would you pre-empt, and react to what you have anticipated?

Scenario Building

Establish priorities and a program. Introduce sensitisation initiatives, training and protocols.

The Human Equation

Test the capabilities, measure performance against customized scenarios. Build familiarity with options, and agility in response.

Test & Exercise

slide7

Building the Human Firewall

  • Rigorous and multi-dimensional approach to verification.

Vetting

Monitoring

  • Spotting anomalies in behaviour and activity using discrete observation techniques, and management diligence.

Awareness

  • Corporate climate must be that every employee has a stake in ensuring the commercial success of their organization.

Protocols

Educating staff in what to do if they are the first one to detect an act of industrial espionage.

Conditioning

A sensible corporate counter-intelligence mentality must be ingrained in all processes – it must be part of the corporate DNA.

Illustrative Examples

slide8

Challenges to Implementation

  • Senior management often does not appreciate the scale of the threat.
  • Clear disjoint between leadership and responsibility for ‘human’ security.
  • Demarcation and ownership of ‘the problem’ when addressing employee vulnerability.
  • Lack of a ‘converged’ approach to security planning.
  • Different functions conduct preparation to their own priorities rather than to common scenarios.
  • ‘Black Swan’ mindset and having to deal with the complexity of monitoring and potential scale of the ‘unknowns.’
  • Common belief that technology and systems can protect against the impact.
  • No willingness to engage with management complexity beyond ‘mission statement.’
  • Inability to translate an understanding of what is required into effective action & measured results.

slide9

Recommendations on How to Implement

  • Get 100% buy-in for adopting this posture.
  • Identify a focal point to drive the converged nature of your efforts in an efficient manner.
  • Quickly and efficiently determine what works and what does not.
  • Focus on gaps and blend existing controls into newly developed expertise.
  • Establish formalized procedures, which are internalized and tailored to your needs.
  • Inject a sense of threat awareness that does not alter relationships in the organization, but provides a common sense of vigilance.
  • Use customized scenarios to develop responses while exercising extreme resilience in your operations.
  • Scale your efforts to the threats based on dynamic competitive intelligence of the business-space.

Converged Security Risk Services

Consultancy & Planning

Surveys & Audits

Response & Protection

Joel Krauss

Director, North American Operations

Tel: +001.631.612.4124

Email: joel.krauss@optimalrisk.com

Crisis, Risk & Security Specialists

Reinforcing Your Security

Building Your Resilience

Testing Your Preparedness

Exercising Your Response

Threat Modeling & Forensics

Advanced Cyber Defence

Risk Analysis

PHYSICAL SECURITY

BLUE TEAM

RED TEAM

CYBER SECURITY