There are plenty of technical solutions for risk management, but the human element is often not considered. Our cultural and behavioural analysis services focus on the human side of risk management—from dealing with disgruntled employees to the process of hiring high-level executives and conducting negotiations. Our experts use proven methods to identify both internal and external threats and the strategies for mitigating the risks.
How we help you manage human vulnerabilities
Human due diligence Read more Read less
When hiring people, the focus is usually on the financial, commercial and operational aspects, leaving the human element unexplored until it’s too late. Human due diligence is about understanding the culture, attitudes, capability gaps, points of friction, and differences in decision making that can make or break a positive new hire.
The resulting damage from a high-level hire who just isn’t the right fit, can be reputational, financial and cultural. Getting the right type of information from today’s environment so you know if you’re hiring the right people is key to managing the risk of human behaviour.
The PGI-JTiP team have developed a set of tools that facilitate the understanding of the people in your organisation and those you would like to bring in:
Culture Metrics was developed by PGI-JTiP founder, John Taylor and Professor Adrian Furnham and Luke Treglown; world-leading experts on the causes of employee disenchantment and the implementation of corrective measures. Culture Metrics offers senior clients the ability to monitor the internal culture of their organisation and avoid the risks posed by insider threats. If a vulnerability is detected we provide immediate notice and remedial advice for any issues identified, as well as a detailed technical and management report on completion of the work.
Our team come from a mixture of backgrounds, including the worlds of intelligence, security, diplomacy, police, academia and IT. This breadth of experience enables us to gain in-depth insights from multiple perspectives. We use several tools and methods to elicit the information required to make a profile, including Remote Profiler.
Remote Profiler is provided by PGI-JTiP and uses intelligence skills and psychological insights to help governments and corporate clients identify and manage people risks during major negotiations.
Online hostile threat reconnaissance Read more Read less
Digital crime and cyberattacks—including identify theft, blackmail and corporate espionage—are on the rise and now pose one of the greatest threats to both reputation and bottom line. As part of a reputation management strategy, it is important to understand your personal digital footprint in order to manage the risk to your organisation and people.
PGI’s Online Hostility Reconnaissance service is designed to put you back in control of your online footprint and reputation. By using a combination of intelligence and cyber resources, our analysts will be able to establish a comprehensive picture of how the public profile of an organisation or a high-profile person may be at risk.
Our analysts identify physical, human or cyber vulnerabilities to individuals and companies based on the same open-source material—including the dark web—available to competitors, terrorists, activists and hackers. This investigation will culminate in a report which summarises the threats and recommended remedial actions in seven key areas:
- Social media
- Business transactions
- Press reporting
- Personal security details
- Personal location information
- Pattern of life
- Familiar vulnerabilities
It can take just a few minutes to damage a reputation that has taken years to build. Understanding the threats specific to you can help you mitigate the risk.
Social engineering simulations Read more Read less
Social engineering is the exploitation of human psychology to gain access to buildings, systems or data, rather than technical hacking techniques. It is a method used by hackers to manipulate people into giving up sensitive information, such as passwords or bank details. These methods are effective as they take advantage of most people’s natural inclination to trust.
Surprisingly, it is a lot easier to trick someone into giving up their password than it is to hack it. Because humans are generally helpful and like to be efficient, prefer to avoid confrontation, are always keen to get something for free, and want to please management, criminals can easily access the information they need.
The best defence against social engineering attempts is education.
Red team testing
Red-teaming is often considered the highest standard of threat emulation and is suited to organisations who have an active security programme and are looking to validate the effectiveness of their approach and the alertness of their defensive solution.
A team of offensive security professionals are engaged to perform a specific task; be it compromising a network, accessing a specific file and taking a copy, or gaining access to an individual’s business emails. Typically, an objective is specified and the team’s creativity is unleashed (within limits, of course). This more closely simulates what a genuine attacker would do – explore and search for the easiest way into a target using their skills to create opportunities when none currently exist.
Regardless of whether the team meet the objective, PGI consultants will explain what they did and how this was achieved. This can be compared to any discovered actions to ensure that logging and monitoring levels are sufficient, and to identify the attack taking place, preventing a genuine intruder from taking a similar approach.
More than 90% of cyber breaches are a result of successful phishing campaigns. These breaches can result in a loss of network functionality, degraded utilisation of hardware, and significant reputational damage. Phishing emails are responsible for threats entering networks and systems, providing intruders with a foothold to continue their attack from.
With phishing emails and the associated techniques that threat actors use becoming more sophisticated and harder to spot, PGI recommends phishing vulnerability assessments to help you minimise risk and improve your processes.
A phishing vulnerability assessment is designed to boost awareness of risk and demonstrate how all employees can help to improve cyber security in the workplace, through better recognition of potential hazards.
Ready to get started? Speak to one of our experts.
If you have any questions about our services or would like to learn more about our consultants here at PGI, please get in touch with us and speak with one of the team, call us on +44 (0)845 600 4403 or email us at email@example.comGet in touch
Why choose PGI?
From the diverse origins and disciplines of British Government departments, academia and commercial enterprise, PGI has developed a global team of talented and experienced individuals. The team has worked with a wide range of clients, including the UK government as well as governments in Asia, Europe and the Middle East. We also work for large corporate organisations in Africa, Central and North America and Europe.
This breadth of experience enables us to understand the varied requirements and outcomes of each organisation we work with. We operate on a basis of partnership with our clients to deliver the shape and model of the solution they require as quickly and effectively as possible.