normal job role. For example, if they’re
searching for and accessing data that
they shouldn’t be or making repeated
requests to access sensitive data. It
could be that they are looking through, or
downloading, vast amounts of sensitive
information not related to their job role.
There could be perfectly innocent
explanations for each of these. It may
be that, unknown to the IT security
team, the user’s job role has changed.
Another digital sign that could have a
reasonable explanation is that the user is
copying large amounts of data onto an
unauthorised storage device or emailing
it outside the network. They could
simply need to work on these files at
home; however, an organisation cannot
be too careful and these all need to be
investigated. Also, while these actions
might not be malicious, they could, in
themselves, cause a security breach.

www.intelligentciso.com | Issue 20

Behavioural warning signs
How the user behaves in real life can
also be a clear sign that they are
leaking information to the outside
world. Red flags are usually linked to
unusual working patterns or noticeable
changes in an employee’s conduct.
For example, although it’s now
commonplace for employees to log on
at the weekend or late at night, if work
patterns suddenly begin to change,
it could point to covert activity when
linked with other information.
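
The point made above, that each sign can be innocent on its own and that a sudden change in work pattern matters when linked with other information, can be written as a small correlation check. This is an added example, not part of the original article; the event names, thresholds, baselines and sample data are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed per-user baselines (assumed to come from earlier, normal weeks).
BASELINE = {"alice": {"off_hours": 0.10, "daily_mb": 40},
            "bob":   {"off_hours": 0.60, "daily_mb": 50},
            "carol": {"off_hours": 0.05, "daily_mb": 30}}

# Constructed events for one review window: (user, timestamp, action, megabytes).
EVENTS = [
    ("alice", "2024-03-05T23:40", "file_read", 900),
    ("alice", "2024-03-05T23:55", "usb_copy", 850),
    ("alice", "2024-03-06T00:10", "email_external", 30),
    ("bob",   "2024-03-05T22:30", "file_read", 35),
    ("bob",   "2024-03-05T23:00", "file_read", 10),
    ("carol", "2024-03-05T11:00", "file_read", 400),
    ("carol", "2024-03-05T14:20", "file_read", 15),
]

def is_off_hours(ts):
    """Weekend, or outside 08:00-18:00 on a weekday (assumed office hours)."""
    t = datetime.fromisoformat(ts)
    return t.weekday() >= 5 or not 8 <= t.hour < 18

def review(events, baseline, shift=0.5, volume_factor=5, egress_mb=100):
    """Return {user: (signals, decision)} for one review window."""
    per_user = defaultdict(list)
    for user, ts, action, mb in events:
        per_user[user].append((ts, action, mb))
    report = {}
    for user, rows in per_user.items():
        base, signals = baseline[user], []
        # Compare against the user's own habit, not a fixed rule about late work.
        off = sum(is_off_hours(ts) for ts, _, _ in rows) / len(rows)
        if off - base["off_hours"] > shift:
            signals.append("work_pattern_shift")
        read_mb = sum(mb for _, a, mb in rows if a == "file_read")
        if read_mb > volume_factor * base["daily_mb"]:
            signals.append("bulk_access")
        out_mb = sum(mb for _, a, mb in rows if a in ("usb_copy", "email_external"))
        if out_mb > egress_mb:
            signals.append("data_leaving_network")
        # One sign alone may be innocent (e.g. a role change), so it is only
        # noted; two or more together are queued for investigation.
        decision = "investigate" if len(signals) >= 2 else "note" if signals else "ok"
        report[user] = (signals, decision)
    return report
```

In the constructed data, bob habitually works late and is not flagged, carol's single bulk read is only noted, and alice's combination of signs is queued for investigation.
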
Signs could also include attempts to
bypass security and corporate policies
and social elements such as bad