Our Capabilities: Risk Assessments & Counterintelligence

Mitigating the risk of loss

Economic espionage is a big problem that costs the world economies hundreds of billions of dollars per year and puts our global security at risk. While it is not a new threat, it is a growing one, and the theft attempts by foreign competitors and adversaries are becoming more brazen and varied.

The Insider Threat is, current or former employees, contractors, or business partners, with authorized
access to company information who misuse that information for their own benefit or that of a
competitor or foreign nation

Counterintelligence (CI) is information gathered and activities conducted to identify, deceive, exploit, disrupt, or protect against espionage, other intelligence activities, sabotage, or assassinations conducted for or on behalf of foreign powers, organizations, or persons, or their agents, or international terrorist organizations or activities.

Or simply stated CI is about identifying intelligence threats and developing mitigation strategies
to address and neutralize those threats.

The Chaos Group of Canada Counterintelligence Program:

Threat Risk Assessments

New employee orientations and continual refresher training can equip the workforce with the skills needed to understand who your company’s adversaries are, identify threats, and follow reporting procedures for suspicious activities. A highly trained and aware workforce is key to the early detection of potential threats. Companies should utilize a CI-specific non-disclosure agreement before divulging their threat and vulnerabilities.

Threat Analysis, Reporting & Response

An analysis, reporting, and response capability can integrate resources and information from across relevant corporate elements (CI, security, IA, HR, general counsel) and provide assessments and warning on data that may be indicative of a threat. Mature CI programs will also want to incorporate risk assessments related to sensitive acquisitions into this analytic and reporting process.

Suspicious Activity Reporting

Defining, training the workforce, and developing company reporting policies on suspicious activities that are deemed inappropriate or potentially threatening could provide an effective “early warning system” of potential threats to your employees or company.

CI Audit

A CI audit capability would enable your company to monitor user activity on corporate IT systems. This would help to identify anomalous behavior, deter the theft or unauthorized use of company information, and protect the company from network intrusions.

CI Investigations & Counter Survillence 

Companies with more advanced corporate CI programs may wish to augment their ability to conduct security investigations with a capability to perform preliminary CI investigations that are consistent with the law.

 

Threat Awareness & Training

New employee orientations and continual refresher training can equip the workforce with the skills needed to understand who your company’s adversaries are, identify threats, and follow reporting procedures for suspicious activities. A highly trained and aware workforce is key to the early detection of potential threats. Companies should utilize a CI-specific non-disclosure agreement before divulging their threat and vulnerabilities.