Insider Threat Detection Using DISC: A Behavioral Approach to Cybersecurity

In today’s cybersecurity landscape, detecting insider threats has become a critical challenge. Organizations not only face external threats but must also address difficult-to-identify internal risks. Over the past three years, I have been working for a PayTech operating in Latin America (Colombia, Peru, Chile, Ecuador, Mexico) and the United States, where I developed and led the cyber intelligence department. One of the most important initiatives I implemented is a framework for insider detection through cyberprofiling, using the DISC model to identify potential internal threats.

Using the DISC Model for Insider Threat Detection

The DISC model, known for its ability to analyze and classify behavior types, was adapted here to help identify insider threats. The survey I designed assesses cybersecurity awareness levels and seeks to detect potential insider threats through behavioral analysis.

The survey does not feature “right” or “wrong” answers. Instead, it aims to identify patterns that reveal risk-prone behavior, enabling us to take preventive actions. With the support of key departments such as communication and information security, we effectively rolled out this initiative across the organization, reaching over 450 individuals.

Methodology and Survey Development

The survey was designed around behavioral analysis, with each question offering five possible answers representing different levels of risk: High, Medium High, Medium, Medium Low, and Low. Some of the questions included:

• How do you handle passwords and other sensitive data within your team?
• What actions do you take if you detect a potential cybersecurity risk in your daily work?

To evaluate the responses, I used a statistical analysis focusing on answers that showed a trend toward High and Medium High risk. This allowed us to identify employees whose responses indicated a higher level of risk when it comes to cybersecurity.

Results and Conclusions

The analysis of the survey responses revealed behavioral patterns that could be linked to potential insider threats. Several individuals exhibited behavior that indicated a significant level of risk. These employees were prioritized for:

1. Personalized training in risk management and cybersecurity awareness.
2. Continuous monitoring to detect risky behaviors early.
3. Participation in cybersecurity simulations (such as phishing exercises) to improve their response to potential incidents.

A Strategic Approach: Threat Modeling and Cyber Risk Modeling

This insider detection framework is just one part of the comprehensive approach I’ve developed for the PayTech. I created a Cyber Risk Modeling framework with a strategic focus, incorporating models such as Porter and PESTEL to analyze internal and external threats. Additionally, the use of Threat Modeling has allowed me to anticipate and prioritize the most critical threats faced by the organization across the region.

This framework for insider threat detection based on cyberprofiling and behavioral analysis has been essential in identifying potential risks before they escalate into major incidents. In future posts, I will dive deeper into how Threat Modeling and Cyber Risk Modeling, with a strategic approach rooted in Porter and PESTEL, are critical to strengthening an organization’s cybersecurity posture.

• DISC US Online. (n.d.). How DISC works. https://www.discusonline.com/en-us/disc/how-disc-works.php
• Cybersecurity and Infrastructure Security Agency (CISA). (n.d.). Defining insider threats. https://www.cisa.gov/topics/physical-security/insider-threat-mitigation/defining-insider-threats
• Center for Development of Security Excellence (CDSE). (n.d.). Behavioral science and insider threat. https://www.cdse.edu/Portals/124/Documents/jobaids/insider/Behavioral-Science-and-Insider-Threat.pdf