By Janet Paul, Director of Human Resources, and Findlay Whitelaw, Sr. Director, Insider Threat Program
The cybersecurity and insider threat landscape has drastically evolved in recent years. This shifting landscape, dominated by sophisticated attacks and evolving cyber threats, necessitates a comprehensive approach to security that calls for more than just a technical solution. In this context, human resources (HR) departments play an increasingly significant role. Their experience in personnel management, organizational behavior, and corporate culture can prove crucial in strengthening cybersecurity teams and setting up insider threat programs. Within organizations, it is not just the responsibility of chief information and security officers (CISOs) and chief security officers (CSOs) to protect organizational digital and physical assets from various cybersecurity and security threats; HR departments are one of the most critical allies. This post will spotlight the essential role of HR departments in cybersecurity teams and insider threat programs.
Unraveling the complexity of today’s threat landscape
The cyber threat landscape has grown more complex and dangerous. Cybercriminals, state-sponsored hackers, and even disgruntled employees use increasingly sophisticated methods to infiltrate systems to extract valuable data, notwithstanding non-malicious or accidental incidents that occur. Insider threats, in particular, are a growing concern; they come from individuals with legitimate access to systems, data, and premises, making them hard to detect. This increasing complexity makes it clear that more than technical solutions are needed to mitigate these threats. HR’s expertise in people management and organizational behavior is pivotal in safeguarding organizational assets and contributing to cybersecurity resiliency. A unique people perspective is invaluable in anticipating, identifying, and mitigating potential human-related cybersecurity risks. Skill at observing and understanding human behavior can translate into actionable intelligence.
Why HR is integral to effective security strategies
One of the most visible ways HR contributes to organizational cybersecurity efforts is through talent acquisition and development strategies. HR teams have the necessary expertise to create job profiles, attract, identify, and retain suitable candidates. They ensure diversity by promoting different perspectives, and thought leadership, and fostering an environment of creativity and innovation to combat these evolving threats. Furthermore, HR has a critical role in creating a positive security culture throughout the organization. This includes training and awareness programs to ensure employees understand their responsibilities in protecting the organization, staff, customers, and stakeholders. Creating these foundations through effective communication can help create a proactive, positive, sustainable security-focused strategy and mindset among employees, which is invaluable in enhancing collaborative organizational cybersecurity defense strategies.
HR as the guardian of security compliance
The backbone of HR from an employment law perspective involves ensuring compliance with applicable laws and regulations. These govern employment relationships to foster a fair, legally compliant working environment, protecting employee and organizational interests, which may include the following:
- Recruitment
- Codes of conduct
- Conflicts of interests
- Ethical standards
- Health and safety
- Information security and data protection
- Social media and technology usage
- Remote work and flexible work arrangement
- Colleague treatment strategies, for example, performance management, investigations, and disciplinaries
While the above list is not exhaustive, it demonstrates the far-reaching and diverse interlocks that HR plays from an organizational and security policy perspective. HR involvement in collaborating, developing, and enforcing robust security policies and procedures is essential to any security strategy.
HR acts as a bridge between any affected employees, the organization, and various departments to address the incident appropriately and take steps to mitigate future risks. In addition, HR departments often contribute by supporting the development and activation of security incident response plans, supporting communication during security incidents, and ensuring the health and well-being of incident responders, as many incidents can be prolonged, out of operating business working hours. HR input is needed to support investigations where there has been a breach or an incident with a human element that needs to be considered.
How HR powers insider threat programs
One of the most critical contributions of HR is in the development and management of organizational insider threat programs. HR teams are typically the first point of contact when hiring and generally own any re-vetting, fitness, and propriety attestations to help organizations make informed decisions to protect organizational security, comply with regulations and maintain a safe and trustworthy working environment. HR teams also actively manage employee databases and coordinate with business units and IT teams, organizational joiner, mover, and leaver (JML) processes, adjusting and reviewing the necessary contractual changes, internal system updates (i.e., update leaver dates, or transfer of department codes) access controls as an example, to minimize the risk of unauthorized access.
From a colleague treatment strategy, HR departments can leverage their knowledge and experience in incident response activity, investigations, and corrective strategies. They can support by providing people-centered remediation plans, for example, strengthening, communicating, or making security policies more accessible and transparent and developing further training, awareness, or security measures, for example, focusing on data security and privacy.
Given the level of involvement and insights gained from incident response and investigatory outcomes, HR can contribute to defining behavioral indicators and help build threat profiles by leveraging their understanding of employee behavior, patterns, interactions, and other risk factors. These profiles can help identify and prioritize potential insider threats based on the severity of behavioral indicators, access levels, job roles, and the extent to which employees can cause harm.
Empowering HR—navigating the new era of cyber threats
This is a new era of cyber and insider threats, and the importance of HR in organizational overall defense strategies cannot be overstated. HR’s role in cybersecurity is no longer only supportive; they are critical in developing a comprehensive approach to border cybersecurity and insider threat strategies. By leveraging their unique skills and insights, HR professionals can significantly contribute to an organization’s cybersecurity resilience.
Leveraging advanced technologies to enhance HR’s role in cybersecurity
Security information and event management (SIEM) and user entity behavior analytics (UEBA) are vital technological tools that can significantly enhance organizational security practices by collecting and aggregating various security logs, in real time, with advanced analytics identifying abnormal or risky behavior. Together SIEM and UEBA offer a powerful defense against cybersecurity and insider threats.