Every department unknowingly possesses a hidden back door to the firm’s crown jewels. What the firm identifies as its crown jewels and protects them accordingly with high walls and a small footprint, may be meaningless to the hackers who are seeking something else valuable to them. 

There’s the illusion that the machine learning power of AI will blunt future attacks and breaches, yet the bad actors are creating AI systems of their own as countermeasures. 

For this reason, cross-department discussions and cooperation are critical in the early identification of intrusion attempts, anomalies (technical and social engineering) and “feints” that create misdirection. 

The IT department provides a top-down, data-driven view of potential breaches which are often reactive to threats. However, the deputization and on-going active collective and regular face-to-face cooperation of a non-technical cross-section of every operational unit represent the frontline cyber-vanguard who are proactive in identifying threats. 

Indeed, many organizations are intensifying their mandatory training for their non-technical personnel. Regardless how well taught and motivated the employees, this training has its limitations to recognize and mitigate cyber-attacks. 

For this reason, the rapidly evolving and asymmetric cyber-threats require a continuous educational program. This approach binds the organization’s non-technical employees with their non-managerial operational counterparts. The purpose is for unfettered discussions and a cross-pollination of experiences. 

Firstly, this enables the participants to familiarize themselves with how other units operate, their mindset and thus their vulnerabilities to cyber-breaches that they themselves may not recognize. What may be standard operating procedures (SOP) in one unit is a security anathema in another. The objective is to remove everyone from the proverbial echo chamber into an open, creative and interactive environment. 

Secondly, employees are far more open and sometimes refreshingly blunt in the absence of managers and supervisors. Employees are the corporate “salt of the earth”, the grassroots citizenry, who have intimate knowledge and experience of the daily patterns and unusual eddies that occur in their unit. 

With respect to a venue, there’s nothing more enticing and seductive than food & fun in a spacious conference room because meetings are dreaded by everyone at all levels. As part of human nature, food lowers one’s inhibition which means that the top-tier comfort meal of pizza and soda encourages a more collaborative environment. This makes it fun, not a burden, especially in a work setting, where everyone has more than enough unwanted and unrewarded responsibilities.  

The IT representative is the master of ceremonies who should craft this informal gathering with an unwritten agenda to tease out of the participants what may be seemingly insignificant occurrences that may represent precursors to an upcoming breach. 

A highly effective method of achieving this is to encourage the participants to provide their experiences in a storytelling style. The storytelling style enables the audience to emphasize with the storyteller and understand the issue better rather than listening to a staid corporate debriefing. 

During the meeting the IT representative can direct the conversation to relevant issues that the IT department is concerned about. For example, one unit might inform the IT representative that they receive unusual inquiries or requests during the time an executive or manager with high-level authorization privileges is on vacation or on a business trip. 

Additionally, the non-technical participants gain from osmosis not only the trends in other units but also enhance their sixth sense and mindset of potential threats to report to the IT department. 

Intelligence sharing at the “salt of the earth” operational level is where breaches can be initially identified. The development of this cyber-centurion cadre at the corporate grassroots level is a savvy, street-smart application of cyber-situational awareness and vigilance on a broad and deeper level that better identifies bad actor probes, social engineering attempts and technical tells at the periphery. 

This article appeared in ASIS International, November 2023 issue, pages 42-43, a monthly magazine for security management professionals. 

© Copyright 2023 Cerulean Council LLC 

The Cerulean Council is a NYC-based think-tank that provides prescient, beyond-the-horizon, contrarian perspectives and risk assessments on geopolitical dynamics and global urban security.