
Cybersecurity – When the Threat Comes From the Inside
Truesec Human Threat Intelligence (HTI) works with the human dimension in cybersecurity. Our mission is to identify vulnerabilities among the people that operate our clients’ organizations. It may be a cliché to say that the human factor is the weakest link in the chain of security – but since it’s true, we can’t ignore it.
We at HTI are the social science specialists at a tech organization – and we complement each other. Together at Truesec, we bridge the gap between technology and the users of technology, and together we build cybersecurity.
About Our Current Tools and Methods
Today our primary tools are awareness training and security vetting.
Awareness training heightens security culture and increases knowledge of threat actors and the different methods they use to gain insider access or conduct espionage, sabotage, or steal information for criminal and commercial purposes. The threat posed by insiders is frequently reported to be one of the principal reasons in cases of successful data exfiltration.
What we deliver: Lectures, training sessions, and workshops, mostly custom adapted to suit the unique client in a unique situation.
Security vetting aims at preventing insiders through security vetting interviews (SVI or säkerhetsprövningsintervju) and background checks to identify human vulnerabilities that could potentially be used by a threat actor. The vetting needs to be followed up on a regular basis and continue throughout the employee’s life cycle; when they are about to begin a new job, recurring, when something unusual happens, and when they leave the job. Personal or work-related stressors are things that might affect an employee’s will or ability to stay loyal. If we can identify these stressors in time, we may be able to help a person avoid the risk of doing something wrong. At the same time, we protect the organization from loss of information, reputational damage, or financial risks.
What we deliver: Security vetting interviews, background checks, analyses, and advice to Heads of Security within our client organizations.
About Our Future Journey
Today’s and tomorrow’s cyber breaches will increasingly exploit human vulnerabilities. While technology is expensive and becoming increasingly complex, it is often easier for a qualified high-end threat actor to recruit an insider than to try and attack from the outside or use both methods simultaneously. Organizations are getting better and better at building technological protective barriers, meaning it can be costly and time-consuming to succeed and risk being exposed along the way. At the same time, there is a cultural drive in society to “trust our people” – even when you don’t know them. Using an insider is often a comfortable and silent way in.
HTI strives to be a one-stop shop for creating a holistic protection package when it comes to the increasing human threat. This is why we are currently designing and delivering the following services:
- People Threat Report: A way to scan an organization’s level of security awareness, security culture, and mindset.
- Position Exposure Analysis (befattningsanalys): A way to identify what positions – and the employees that hold them – that are or might be more exposed than others to security-sensitive information.
- Protective Security Analysis and Planning, Including Protective Tender Support (säkerhetsskyddsanalys och säkerhetsskyddsplanering, inklusive stöd i säkerhetsskyddad upphandling – SUA): A way to identify assets and values worthy of more high-end protective measures than others.
- Travel Security and On-Site Counter Surveillance: Given the competence in HTI, we provide a “trained eye in the crowd” to observe threat actor behavior and protect against it during travel, meetings, major conferences, etc.
The HTI team is continuously expanding, and we require additional talent to be a part of the journey ahead. Together with Truesec’s technical expertise, HTI creates 360° protection in today’s and tomorrow’s society. Please come along – because we’re only human, after all...