Organisations have to be able to deter employees from making bad decisions. There are two parts to it: detection and mitigation.
Detection means letting employees know that they are being watched and are likely to be caught; mitigation means putting programs in place to assist them.
Understanding and dissecting complex human behaviour is key to unravelling the human threat. Cyber security professionals need to be trained on human actions in order to distinguish normal, baseline user behaviour from abnormal changes to that baseline.
Timely identification of fraud indicators is crucial. Fraud indicators, i.e. triggers, are deviations from normal user actions, such as:
- Use of removable media by employees
- Use of printers or fax machines far from the office
- Logging into the system beyond or before work hours (at night or weekends)
These triggers can be relied upon when designing automated monitoring systems. However, many automated systems are built on single triggers, whereas systems based on multiple triggers prevent false alarms and spot deviations effectively. Additionally, instead of only repairing the damage done by an insider threat, it is necessary to examine the factors that increase or decrease the chances of one.
The commonly known factors are disgruntlement and ego, for which organisations can provide employees with avenues to vent their frustration, for instance a one-on-one with the manager or HR. Further, with regard to ego problems, employee recognition programs that offer more public praise can be implemented. Greed is another factor that motivates employees to sell organisational secrets; though difficult to identify, it can be mitigated through grievance cells.
The other side of the coin is an external intruder, as mentioned previously, who uses a compromised account to gain access to internal systems. The intruder can then easily steal information, corrupt essential computer systems and disrupt normal business operations. User Behaviour Analytics (UBA) comes into play to combat this type of threat: it involves keeping track of user activities, especially those of users with elevated privileges, such as system administrators, and of users with access to highly sensitive information. Any activity outside the normal activity is a trigger.
These analytics furnish better results when combined with in-depth intelligence about the user's identity and his or her privileges on the information network. In this regard, activities across multiple accounts can be tracked. With the right combination of data resources and sophisticated technological tools, the problem of insider threats can be effectively mitigated. In addition, employee behavioural data and user data analytics can help organisations tide over existing insider threat scenarios.
Furthermore, a robust insider threat mitigation program can significantly reduce the likelihood of compromise.
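The difference between single-trigger and multiple-trigger monitoring described above can be shown on a few events. The following is an added example, not part of the original article: the event fields, the working hours, the 24-hour correlation window, the home-site mapping and the sample events are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WORK_START, WORK_END = 8, 18      # assumed working hours, Monday to Friday
WINDOW = timedelta(hours=24)      # assumed correlation window
MIN_DISTINCT = 2                  # distinct triggers required before alerting
HOME_SITE = {"alice": "hq", "bob": "hq", "carol": "hq", "dave": "hq"}  # assumed

EVENTS = [  # constructed sample events (user, timestamp, action, site); not real logs
    ("alice", "2024-03-04T10:02:00", "usb_mount", "hq"),        # one trigger only
    ("bob", "2024-03-09T23:40:00", "login", "hq"),              # Saturday night
    ("bob", "2024-03-09T23:52:00", "usb_mount", "hq"),
    ("bob", "2024-03-10T00:05:00", "print", "remote-branch"),
    ("carol", "2024-03-05T21:30:00", "login", "hq"),            # late login only
    ("dave", "2024-03-04T07:10:00", "login", "hq"),             # early login
    ("dave", "2024-03-06T11:00:00", "print", "remote-branch"),  # two days later
]

def trigger_for(user, ts, action, site):
    """Map one event to the trigger it fires, or None for normal activity."""
    off_hours = ts.weekday() >= 5 or not WORK_START <= ts.hour < WORK_END
    if action == "login":
        return "off_hours_login" if off_hours else None
    if action == "print":
        return "remote_printer" if site != HOME_SITE.get(user) else None
    return "removable_media" if action == "usb_mount" else None

def collect_hits(events):
    """Group fired triggers per user as time-ordered (timestamp, name) pairs."""
    hits = defaultdict(list)
    for user, stamp, action, site in events:
        ts = datetime.fromisoformat(stamp)
        if name := trigger_for(user, ts, action, site):
            hits[user].append((ts, name))
    return {user: sorted(fired) for user, fired in hits.items()}

def single_trigger_alerts(events):
    return set(collect_hits(events))  # single-trigger design: any hit flags the user

def correlated_alerts(events):
    """Multi-trigger design: alert on MIN_DISTINCT triggers inside WINDOW."""
    alerts = {}
    for user, fired in collect_hits(events).items():
        for i, (start, _) in enumerate(fired):
            names = {n for t, n in fired[i:] if t - start <= WINDOW}
            if len(names) >= MIN_DISTINCT:
                alerts[user] = sorted(names)
                break
    return alerts
```

On the sample data the single-trigger design flags all four users, while the correlated design flags only bob, whose off-hours login, removable media use and remote printing fall inside one window.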