Cybersecurity Services: Insider Threat Prevention

Cybersecurity Services: Insider Threat Prevention

Insider Threat Prevention

Every company faces threats that originate from the inside. With a greater focus of cybersecurity revolving around external threats, internal threats frequently are neglected and may cause adverse impact to a company’s financial and reputational standing. CRA has extensive experience collaborating with organizations to assess and understand their insider threats and develop appropriate controls to detect and manage today’s growing threat landscape.

Find an expert >

A holistic approach to insider threats

CRA’s cyber team leverages industry leading cybersecurity standards, guidelines, and frameworks to provide a holistic approach to cybersecurity strategy. We don’t just resolve the technical threat posed by threat actors—we address the human and business elements of an incident and solve issues which exist both pre- and post-incident. Our insider threat prevention expertise includes:

  • Intellectual property theft
  • Sabotage
  • Fraud
  • Unintentional insiders
  • Espionage

Approach and methodology

CRA’s cyber specialists work side-by-side with clients to comprehensively assess their insider threat capabilities, recommend changes, and implement improvements.

A thorough evaluation of insider threat program functions can’t be accomplished without assessing attributes that span across people, process, and technology. CRA collaborates with your team to understand your company’s threat landscape. With this knowledge, our team can align recommendations with your company’s initiatives. Our methodology allows us to point out existing strengths, better manage weaknesses, provide a current state maturity rating, and formulate a roadmap to drive the program to a mutually determined target maturity rating for your insider threat program.

We work with your team to interview relevant stakeholders, review existing documentation, processes, and gain insight into existing insider threat technologies and detection rulesets. This information serves as the foundation of the assess phase.

We utilize the insight gathered from our observations using a combination of the NIST Cybersecurity Framework and CMU CERT guidelines and standards. This approach aligns insider threat attributes across the following cybersecurity functional phases: identify, protect, detect, respond, and recover. The insider threat attributes span across people, process, and technology in order to provide a holistic perspective. Each functional phase will be assigned a maturity rating, and ratings from each phase will be a veraged to indicate an overall current state maturity rating.

Your company will receive tailored recommendations based upon your current state maturity, risk appetite and relevant risk landscape. Our specialists will also provide a roadmap to prioritize quick wins, medium term, and long term recommendations.

Upon completion of the insider threat program assessment, you also have the choice of allowing our specialists to assist with the implementation process. We provide industry leading expertise to mature your insider threat program, spanning across governance, technology, risk and threat landscape, policies and procedures, as well as detection rulesets.

Recent client examples

Issue: A global technology company sought to improve its insider threat program to reduce intellectual property theft.

Action: CRA conducted an in-depth insider threat assessment to gauge the client’s current state maturity. Our team of specialists utilized the recommendations in order to create policies and procedures, an insider threat risk register, a core insider threat team, and provided relevant detection rulesets.

Impact: The client was able to prioritize risks based on a tailored roadmap and request appropriate budget and resources to implement enhanced insider threat program functions to detect and prevent intellectual property theft.

Issue: A large utility company was beginning to stand-up a formalized insider threat program and wanted to assess their current capabilities.

Action: CRA conducted an in-depth insider threat assessment to gauge the client’s current state maturity. Our team of specialists adopted the client’s maturity model in order to effectively align with pre-existing initiatives. CRA provided the client with a tailored recommendation roadmap.

Impact: The client was able to utilize our recommendations in order to formalize their insider threat program to protect their critical infrastructure and systems.


  • Tanium: Certified Incident Responder
  • Gigamon: Network Forensics and Incident Response
  • Cylance: Incident Response
  • Carbon Black: Incident Response
  • Recorded Future: Certified Threat Intelligence Partner


  • Combined decades of experience specializing in providing incident response, internal affairs investigations, compromise assessments, and post response services for organizations across a wide spectrum of industries.
  • Previous incidents include Nation State actors, Advance Persistent Threats (APT), SWIFT heists, theft of Payment Card Information (PCI), Personally Identifiable Information (PII), Protected Health Information, and Intellectual Property, Ransomware, Extortion, Business Email Compromise (BEC), Phishing, and Denial of Service.
  • CRA Forensic Services is ISO27001:2013 certified, the best-known international standard for information security.
  • CRA International, Inc. holds private investigator licenses in Illinois (License No. 117.001795 115.002511), Indiana (Private Investigator Firm License No. PI21600025), Massachusetts (License Number LP1045A), and Michigan (Professional Investigator Agency License No. 3701207037).