behaviour or disagreements with colleagues,
or even talk about resigning.
Of course, these signs of dissatisfaction
at work aren’t evidence in themselves and,
while outward behavioural clues could point
to a potential issue, the most effective way
of determining malicious behaviour, with
certainty, is through digital analytics.
A co-ordinated approach
Many of the tell-tale behaviours of an
insider threat can have perfectly innocuous
explanations in isolation. But if looked
at together, they can build a picture of
someone who is trying to defraud or take
down a business. As such, organisations
need a co-ordinated approach to monitoring,
so that they can put the pieces together and
spot the threat.
Continual monitoring of permissions, access
and activity is necessary for spotting any
unusual behaviours. This can be augmented
through behaviour analytics, a technique
which automatically analyses behaviour
across multiple platforms and alerts an IT
security team to potential threats, through
comparisons to a normal behavioural profile.
No organisation wants to
think that it cannot trust
its employees yet putting
measures in place that can
mitigate the insider threat is
common sense.
76
These profiles are built up through the
collection of information from various
data points, such as how regularly a user
accesses the data and what they do with
it – for example, do they just read it, change
it or move it? This can offer a more accurate
indicator of malicious intent than threshold-
based alerts, which notify the IT security
team every time someone exceeds a pre-set
limit, such as moving a certain number of
files from one location to another.
No organisation wants to think that it
cannot trust its employees yet putting
measures in place that can mitigate the
insider threat is common sense. By actively
monitoring for suspicious behaviour and
framing this in context to build a profile
of what’s normal – and what’s not –
organisations can keep the risk posed by a
malicious insider to a minimum. u
Issue 20
|
www.intelligentciso.com