Supervisors as a Security Sensor: Developing Insider Risk Personas to Train Supervisors and Increase Reporting
Insider threat indicator development efforts have primarily focused on cyber-physical indicators. Most organizations recognize that supervisors often have unique visibility into information about employee behavior, but security has been unable to leverage those insights efficiently, improve supervisors’ recognition of risk, and increase risk reporting. In response, MITRE has developed “Insider Risk Personas,” a unique, role-based, low-burden tool to improve the quantity and quality of insider risk reporting by supervisors in a way that does not involve a “profile”.

Insider Risk Personas are developed for specific roles: behavioral scientists conduct deep-dive structured interviews with at least 20 individuals in each of those roles and their supervisors. The collected data is qualitatively and quantitatively analyzed by behavioral scientists with expertise and experience in insider risk deterrence, detection, and mitigation. Each Insider Risk Persona outlines the key assets, character fit, stressors, and concerning behaviors that are specific to that role and easily missed. The goal of the Insider Risk Personas tool is to provide frontline supervisors with an easy-to-use, data-driven tool to better recognize potential risks relevant to the roles they supervise, and to motivate those supervisors to discuss those risks with, or report them to, the relevant groups at their organization.

MITRE has created a set of Insider Risk Personas for the Bio-Tech/Pharma sector, the Energy sector, and the Higher Education sector. MITRE is available to develop Insider Risk Personas for other sectors and has found that a sector benefits most when multiple organizations from that sector are involved.