Intelligent CISO Issue 20 | Page 76

behaviour or disagreements with colleagues, or even talk about resigning. Of course, these signs of dissatisfaction at work aren’t evidence in themselves and, while outward behavioural clues could point to a potential issue, the most effective way of determining malicious behaviour, with certainty, is through digital analytics.

A co-ordinated approach

Many of the tell-tale behaviours of an insider threat can have perfectly innocuous explanations in isolation. But if looked at together, they can build a picture of someone who is trying to defraud or take down a business. As such, organisations need a co-ordinated approach to monitoring, so that they can put the pieces together and spot the threat.

Continual monitoring of permissions, access and activity is necessary for spotting any unusual behaviours. This can be augmented through behaviour analytics, a technique which automatically analyses behaviour across multiple platforms and alerts an IT security team to potential threats, through comparisons to a normal behavioural profile.

These profiles are built up through the collection of information from various data points, such as how regularly a user accesses the data and what they do with it – for example, do they just read it, change it or move it? This can offer a more accurate indicator of malicious intent than threshold-based alerts, which notify the IT security team every time someone exceeds a pre-set limit, such as moving a certain number of files from one location to another.

No organisation wants to think that it cannot trust its employees yet putting measures in place that can mitigate the insider threat is common sense.
By actively monitoring for suspicious behaviour and framing this in context to build a profile of what’s normal – and what’s not – organisations can keep the risk posed by a malicious insider to a minimum.
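The contrast drawn above between a per-user behavioural profile and a threshold-based alert, as an added example that is not part of the original article. The user names, the limit of 50 moved files, the deviation cut-off of 3 and all events are constructed assumptions.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

ACTIONS = ("read", "change", "move")
FIXED_MOVE_LIMIT = 50  # assumed pre-set limit for the threshold-based alert
Z_LIMIT = 3.0          # assumed cut-off for deviation from the user's own profile

def daily_counts(events):  # (day, user, action) -> {user: {day: Counter}}
    out = defaultdict(lambda: defaultdict(Counter))
    for day, user, action in events:
        out[user][day][action] += 1
    return out

def build_profiles(events, days):
    """Mean and std-dev of each action's daily count per user; idle days count as 0."""
    profiles = {}
    for user, per_day in daily_counts(events).items():
        series = {a: [per_day[d][a] for d in days] for a in ACTIONS}
        profiles[user] = {a: (mean(s), pstdev(s)) for a, s in series.items()}
    return profiles

def threshold_alerts(today):
    return {u for u, c in today.items() if c["move"] > FIXED_MOVE_LIMIT}

def profile_alerts(profiles, today):
    alerts = {}
    for user, c in today.items():
        for a in ACTIONS:
            mu, sd = profiles.get(user, {}).get(a, (0.0, 0.0))
            z = (c[a] - mu) / max(sd, 1.0)  # floor std-dev so steady users don't divide by zero
            if z > Z_LIMIT:
                alerts.setdefault(user, []).append((a, round(z, 1)))
    return alerts

def make(day, user, **n):  # constructed sample events, not real logs
    return [(day, user, a) for a, k in n.items() for _ in range(k)]

BASELINE_DAYS = [1, 2, 3, 4, 5]
baseline = []
for d, moved in zip(BASELINE_DAYS, [60, 62, 58, 61, 59]):
    baseline += make(d, "alice", read=20, change=2)   # reads and edits, never moves
    baseline += make(d, "backup_svc", move=moved)      # moves ~60 files every day
today_events = make(6, "alice", read=22, move=15) + make(6, "backup_svc", move=60)

def run():
    profiles = build_profiles(baseline, BASELINE_DAYS)
    today = {u: days[6] for u, days in daily_counts(today_events).items()}
    return threshold_alerts(today), profile_alerts(profiles, today)

print(run())
```

The fixed limit fires on the backup account doing its usual work and stays silent on the user who has never moved a file and suddenly moves 15; the profile comparison reverses both outcomes.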