Editor’s note: This is the third in a series of interviews with the session leaders of the upcoming Global Security Operations event being held August 16-17, 2023 at LinkedIn’s global headquarters in the heart of Silicon Valley, Calif. The event is named with a future date because it takes a 3- to 5-year look ahead at where security leadership and security technology are going. Registration is open now.
SIW Managing Editor John Dobberstein recently spoke with Sulev Suvari, a security veteran who has worked the security space for quite some time and across all aspects of the field from supply chain security to critical infrastructure, to executive protection, to travel security, and insider threat. Not only that, Suvari has worked at the national level of government, the corporate Fortune 50, and now as a consultant CSO.SIW: Many factors have escalated business insider threat risk to higher-than-ever levels. Is it possible to do a better job addressing it than we have in the past?
SIW: Many factors have escalated business insider threat risk to higher-than-ever levels. Is it possible to do a better job addressing it than we have in the past?
Suvari: Doing a better job requires a getting a better understanding of insider threat than we’ve had in the past. Add to that the need to understand the new threat factors that have appeared in recent years. Not all insider risk result from actively hostile intentions; some risk results, for example, from complacency, negligence, and ignorance – including a lack of awareness of new risks resulting from the increase in remote work and layoffs in the recent year.
SIW: Do these changes necessitate a shift in focus for insider threat assessment and risk evaluation?
Suvari: I don’t think the underlying principles have changed so much as the fact that the need for applying them has grown. An effective approach requires continuous evaluation of contextual, human behavioral, IT security and physical security related risk indicators.
The more risk factors that we can keep an eye on, the better we can recognize escalating behavior that can materialize as a negative action. Figure 1 below contains examples of factors that may be known in any particular work environment, not the unknown factors, such as those outside of the work environment. Monitoring these factors is more feasible nowadays because software tools can help, for example, like Red Vector’s Fulcrum platform, which is very scalable and is capable of monitoring, analyzing and reporting on these kinds of factors on a continuous basis.
Figure 1. Known Insider Threat Factors
SIW: Is the idea to become preemptive and act before the threat potential materializes?
Suvari: That’s part of the picture. And we love to reach for tools as silver bullet solution. However, what is healthy for the organization as well as for individuals is a comprehensive approach that includes, for example, the creation of an inclusive business culture that facilitates and enables individual productivity and success, which are high morale factors and tend to dispel many insider threat factors and enable training to be more effective, including training for secure workplace practices, and reduce or eliminate the tolerance of unacceptable behaviors and actions.
SIW: Is artificial intelligence making a significant contribution?
Suvari: It certainly is, both in terms of the scale of data that can be analyzed, and the speed of the analysis that provide actionable data to insider risk professionals. Technology is essential, but it is not enough. An insider risk management program has many elements to it, and that’s something that we delve into and address from several perspectives in the GSO Event, in both the leadership and technology sessions.
SIW: Well Sulev, pleasure to chat with you once again. Best of luck and we look forward to hearing more from you at GSO 2025 this fall.
Suvari: Thank you, my pleasure. As I said before, I am passionate about security and love the field, as you could probably tell from my answers. Best wishes.
