Tue, Feb 14, 2023

Kroll's Security Concepts Podcast

Kroll’s Enterprise Security Risk Management subject matter experts have come together, alongside special client guests, to host a podcast series discussing the world’s most pressing security challenges.
Episode 21
Building an Effective Threat Management Program

In this episode, Matthew Dumpert of Kroll’s Security Risk Management (SRM) team, and Artem Sherman, Product Manager at Resolver, discuss the increasing need for a cohesive and comprehensive risk assessment solution at a time when organizations face a variety of virtual and physical security risks. Join them as they review how Resolver, a cloud-based software and recent addition to Kroll’s offerings, can provide the tools needed to build an all-encompassing threat management program.

“This is the Security Concepts Podcast, the podcast where we bring in Kroll practitioners and select outside experts to discuss risk management in all its form. Welcome to episode 21, where we're going to be discussing one of Kroll's newest elements, Resolver, and the tools that it brings to the table, particularly in the threat management work here at Kroll. To have this discussion, I've brought in our threat management guru, Matthew Dumpert, and Artem Sherman from Resolver. Artem is a product manager at Resolver and has been a key leader in developing the threat solution that we're going to be discussing today. Artem has an interesting story: He was a long-time user of the product and got so good at customizing it that Resolver just decided they needed to bring him in for their own workforce. 

I'm not sure if everyone knows, but Resolver is new to the Kroll family. It’s an app-based product that really works well within the SRM practice. Artem, can you give us a little bit of background on Resolver and what it does?” – Jeff Kernohan

“It would be my pleasure. Resolver is a cloud-based software that helps you gather risk data and analyze it in context revealing the true business impact within every risk. Instead of being disconnected from the business, risk then becomes a key driver of opportunity. Resolver offers a holistic suite of applications to help you cover all your risk needs, including threat protection, which is what we'll be chatting about today.” – Artem Sherman

“Kroll has been an industry leader in the threat management space for decades. We've been doing this for a long time, and we're now bringing together all these data points and disparate pieces of information that we have historically investigated and assessed for our clients into the Resolver environment and, moreover, using the Resolver platform as the backbone for everything we do in threat management. This is really exciting for us.” – Matthew Dumpert

“That's a good segue into the threat protection solution. Artem, can you give us a few details on that one?” – Jeff Kernohan

“Resolver's Threat Protection Solution combines advanced monitoring of internet channels, internal systems and human reporting for threats to organizations. This ensures that companies are presented with relevant and timely alerts and a top-tier case management experience that allows teams to collaborate and respond.” – Artem Sherman

“It’s interesting to hear about a new tool that the Kroll team will use in some of these threat management engagements. That leads us directly into a question: Matt, what are the big items in the threat management world today? What's everybody doing? What's everybody concerned with?” – Jeff Kernohan

“I think the leading organizations, many of which we're working with now, are raising awareness within their own organization about the threats to their organization and enterprise. This includes training their workforce on how to recognize threats and sensitizing them on when to raise their hand if they sense something isn't right—whether that's from insider threat or something from outside the organization. Raising awareness on threats to people, property, reputation and sensitive information can come from anywhere and can materialize into real losses that are very damaging. The key here is getting everybody on the same page, clearly defining what that threat is, putting a standardized process in place for intake, investigation, assessment, collation and, ultimately, using all the organization's skills and capabilities to address each threat.” — Matthew Dumpert

“Excellent. That’s where Resolver plays a role with your team, correct? Helping them manage a lot of the process of getting everything in line and going in the proper order? That's where Resolver's really jumping in and helping you out, isn't it?” – Jeff Kernohan

“Exactly. The bringing together of Kroll and Resolver earlier this year was tremendously exciting for me and our group. One of the things that organizations struggle with routinely is connecting dots, bringing together disparate pieces of information and putting it all together into one environment so that a true assessment can be conducted. Artem, can you talk about how Resolver does that and how it allows the client to really draw some powerful conclusions and conduct a full assessment of what they may be dealing with?” – Matthew Dumpert

“Sure. That's where we really come together nicely in that Resolver provides the platform to be able to do all those activities, capture all that data, track all that work and information and have the workflow and accountability in place. This makes sure that those repeatable processes occur to the standards that you establish and are measured against the risks that are important to your organization. That’s really the power of the platform. A lot of organizations out there try and implement programs without the right tooling in place, and a lot of process fails if there isn't an easy way to execute it. That’s where Resolver comes in with our solutions.”—Artem Sherman

“The repeatable process to me really stood out. That's critical to the work that we do in threat management because an organization may deal with threats from all different vectors; it could be an insider threat, a workplace violence issue, something materializing on social media or a threat to an executive. There's no limit of the threats that are out there, and if it's not handled in a standardized way with a standardized methodology, we really risk overlooking something. When we work in this space, we can't afford to miss the small details. One of the most powerful things I've seen from Resolver is that incident and case management apparatus. It makes sure that the users—threat management teams, security departments and risk managers—are picking up on all the breadcrumbs of information and using everything that's available to them in a full and true assessment of what they're dealing with. That to me is one of the most powerful things that the Resolver platform can offer to threat management engagement.” – Matthew Dumpert

“All this work already happens, but a lot of organizations spend a ton of hours and labor on executing all these tasks without a platform that makes it easier to track than the manual processes that exist. All that data essentially gets lost in a filing cabinet with some paperwork. We enable you to capture important data as you go through those repeatable day-to-day tasks, so you can relate back to it, paint a fuller picture of what's going on and connect the dots.”— Artem Sherman

“Yeah, I think efficiency has to be maximized in this type of situation. It's a hot situation that needs to be responded to. We have seen some of our clients who may have a less robust system of keeping track of incidents, threat data and all these different things take hours to go through and match things up. I can certainly see how having the tool in place and having this data at hand makes things much easier for everybody. The threats are everywhere, and that's something that I know that you’re working on quite often, Matt. These threats are coming from every different direction. Everybody needs to be monitoring every possible system and data point that they can to find out what their threats are. How are they going about doing that? How do they become aware of these threats? What are the tools that they really should be using?” – Jeff Kernohan

“Yeah, there's no shortage of places where this ‘threat’s may present, as we talked about. It could be an insider threat, could be a threat of industrial or corporate espionage, could be your more traditional workplace violence incident or even a low-level argument or disagreement. What we've seen is as these incidents escalate, so can the severity of the threat; we go from an argument or a disgruntlement all the way up to potential physical violence, an act of sabotage, the unintentional oversharing of sensitive information on social media, sloppy security practices and disgruntled former workers. The key thing that we see still dominating the threat management landscape is domestic violence spillover into the workplace. There’s no shortage of threat vectors and ways they can threaten an organization. What’s important to us is that the organization has a robust array of monitoring capabilities. There’s monitoring online chatter and inbound email traffic as well as training the workforce on how to be aware of these threats and report them. When you have hundreds or thousands of sets of eyes and ears out there engaging with the public, clients, customers and vendors, it's the people on the ground who are going to become aware of a potential threat to the organization. They may read it, they may see it, they may experience it on social media. The important part is providing the person with an easy mechanism for reporting threats into the organization. Once it's reported into the organization, that's when the investigation and the assessment happen by the threat management team.” — Matthew Dumpert

“Do you typically find that most of your clients have a robust threat management team in place and the personnel to analyze this? Or is this largely outsourced and they're getting their data basically provided to them in report format? How does that go with most of your client base?” – Jeff Kernohan

“There are two categories here that I've seen. There are larger organizations that have a robust internal capability of trained threat management and threat assessment people, and there are organizations that have virtually nothing. They may have good intentions, but not the requisite training and programmatic elements to tackle modern day threats. Artem can comment on some of the threat cases that he's working with Resolver, but we seek to address anybody in that continuum. Where there's a robust program in place, a lot of our clients reach out to Kroll when they're either out of bandwidth or need additional subject matter expertise. For clients and potential clients who don't have the internal infrastructure, we help train their personnel, put the policies and procedures in place, establish the reporting mechanisms and, ultimately, train the threat management and threat assessment teams on how to handle threats from inception all the way through to intervention, mitigation and a reasonable conclusion.” — Matthew Dumpert

“I'd agree with that. What we see at Resolver is often the gamut of program maturity customers. We have very mature customers that have a lot of programs, threat monitoring tools and systems in place, looking for a place for their team to work. That's being able to ingest everything into one platform, collaborate with your teams and in other internal teams, assign action planning and assess the threats correctly in a consistent manner. They are looking for a workflow platform that's powerful enough to work across the organization and connect to their other incident management data. We also see customers who are just spinning up their programs and who need a lot of help developing the methodologies that they want to apply, creating the processes and building the program to be able to manage threats effectively. We're seeing a lot more of that recently as more and more organizations are realizing that this is a critical component of their security posture.”— Artem Sherman

“I also see a lot of organizations coming to the realization that this is critical. This is critical to continuity and resiliency. This is critical to protecting your brand, people, property and executives. One of the things that I like to note is that it's not only important to highlight threat management and threat assessment as a notion, but to really invest in people and process to make sure they're properly trained in identifying threats, investigating and using all the known information to properly assess. The assessment of threats can be quite tricky. At Kroll, we oftentimes bring in experts in mental health, particularly forensic psychiatry or psychology. We also bring in criminologists, handwriting experts and forensic handwriting experts who can review content for context, syntax and all the things that indicate somebody's mental state. They can truly recognize that if an organization doesn’t have the internal capabilities, need or desire to have this organically built within their organization and help them find a partner who has the proper training and methodology to avoid bias, reduce the potential for missing a critical signal and keep people from over or under reacting. Keep in mind, when an organization or a person is being threatened, anxieties can be high, and people can often overreact. What we need to ensure is that our partners have properly informed and trained teams to truly assess the criticality and the legitimacy of any threat that they're assessing.” — Matthew Dumpert

“I also like the ability to ensure that everything's being shared properly. We often see the silo effect, where HR knows about an issue and the manager knows about an issue, but it never comes together. I like the idea of what we’re talking about the ability to generate reports. We can search, use artificial intelligence and use all these different tools to get this data to the right place so that we are not siloed in our responses. This helps us avoid issues down the road; after an incident takes place, we don’t want to have five different people tell us they knew all these things all along and had it their own systems, but not in a shared system that everybody got to see. So, I like the idea that, when it really comes down to what you're seeing today, organizations are best sharing, compiling and sorting this information. How else do people manage this process? How are people ensuring they can do this if they don't have a tool like Resolver to be able to bring this all together?” – Jeff Kernohan

“That's probably the biggest disconnect that I see throughout all industries and verticals. There’s a real desire to tackle these problems with modern day solutions, apply all the best tenets of threat management and threat assessment and be on the leading edge of mental health awareness, substance abuse and all the things that can exacerbate a threat case. Yet, the disconnect is in connecting the dots and breaking down the silos between business units. Human resources or human capital might have access to certain information while legal and security and risk management might have access to other information. All these compartmentalized offices have access to different types of information and nobody's connecting the dots. There's a real willingness to try, and that is exciting and a powerful capability that Resolver brings to the table.” — Matthew Dumpert

“Yeah. I'd agree with that. In addition to what you mentioned, another thing we often hear from our customers is the need to have proper escalation and notification flows, which manual processes don't lend well to. You're either over communicating things that are not sufficiently important and you fall into the noise category, or you fail to communicate something that's very important to a business partner and executive that they really needed to know about. With automated communication, notification flows and escalation flows that a platform like Resolver allows, these scenarios are resolved for those customers, and they know that all of the right actions will be taken reliably, every time.”—Artem Sherman

“Excellent. The information you guys have covered has been fantastic today. I'm really enthralled by everything that you're giving me, but are there any last-minute messages that we need to make sure our listeners are aware of when it comes to gathering and using all this data and being effective in threat management? Anything you guys want us to take away from the podcast?” – Jeff Kernohan

“I think over the past couple of years, organizations have moved to be more distributed and operate in a more remote and distributed fashion. What they're realizing is that, at the same time, their duty of care extends to that remote and distributed world. That’s where we see that shift from a primary focus on physical security moving into the virtual threat protection and online space more and more. Organizations are trying to figure out, how do I still protect my assets and my people in a remote world? And that's where they start to move towards realizing that they really need a more robust threat protection program.”—Artem Sherman

“Well, that seems like a good ending point. I'd like to thank both of my guests for coming on today and talking to us. Also, I'd like to thank all our listeners. Please tune in next month where we're going to have an interesting session on threat management in the health care environment and all the particulars that come along with health care and the security and risk issues that they face. We'll see you next time.” –Jeff Kernohan

Business Continuity, Resilience and Disaster Preparedness

In today’s fast-paced world, disruptions can happen anytime. Kroll’s full suite of business continuity, resiliency and disaster preparedness capabilities is designed to prepare your enterprise for unexpected risks and maintain competitiveness throughout the full lifecycle of any disruption.

Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.