Underestimated risk: insider attack

When people hear the term cyber threat, they often think of large-scale malware attacks such as ransomware, with which criminals attempt to compromise the corporate network. What is often underestimated, however, is a danger that already sits inside the company building: the insider threat.

Insiders - be they careless employees or malicious employees who steal or even delete data for financial or personal motives - are an enormous risk for data security in companies. Often, employees, outside contractors and other third parties have legitimate access to sensitive data in order to operate effectively and flexibly. This presents a challenge for security teams because it is much more difficult to detect threats when the actor in question has valid access to corporate data. However, with appropriate policies and technologies, the risk of internal data loss or theft can be significantly reduced.

Raising awareness among careless employees

Raising awareness among employees and training them is one of the most effective defenses companies have against insider threats. This is because most unintentional data breaches result from the actions of a careless employee. Regular data security training teaches employees how to properly handle sensitive company data. In addition, all employees should be informed about new data policies or technologies before they are implemented.

Data-centric security approach

Training alone, however, does not protect sensitive data from employees who deliberately misuse their access rights. The risk of data misuse or theft by insiders can nevertheless be mitigated with appropriate technologies. These technologies should be data-centric: that is, they give security teams visibility into what corporate data is being accessed, how, when and by whom. This allows security managers to quickly identify unusual activity. In addition, these technologies should automatically prevent an unauthorized employee from copying, transferring or deleting sensitive data. Such a data-centric approach to security also ensures that careless employees do not accidentally move or send sensitive data.

UEBA tools monitor user behavior

User and Entity Behavior Analysis (UEBA) is a cybersecurity process for tracking suspicious or malicious behavior. UEBA tools monitor the user behavior of employees and external contractors with access to applications, accounts, and servers that store sensitive data. To do this, UEBA tools use advanced machine learning algorithms combined with statistical analysis methods to identify potential insider threats. This is done by creating a standard behavioral profile of the user in question, with information such as the location and devices from which a user usually logs in, which files and servers they usually access, how often and at what time, what access rights they currently have, and much more.

If a user normally downloads a certain amount of data from a certain device every day and accesses a certain number of servers every week, the analytics tool will notice when the account suddenly downloads gigabytes of data from a foreign location or accesses new servers, and it will sound the alarm.
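The baseline-and-deviation idea described above can be sketched as follows. This is an added example, not code from the article or from any UEBA product: it replaces machine learning with a simple z-score on daily download volume plus set membership checks, and the user, device, server names and log records are constructed sample data.

```python
from statistics import mean, stdev

# Constructed sample history: (user, day, country, device, server, bytes_downloaded)
HISTORY = [
    ("alice", d, "CH", "laptop-17", srv, mb * 1_000_000)
    for d, srv, mb in [(1, "fs01", 110), (2, "fs01", 95), (3, "crm", 120),
                       (4, "fs01", 105), (5, "crm", 90), (8, "fs01", 100)]
]

def build_baseline(events):
    """Summarise a user's usual countries, devices, servers and daily volume."""
    daily = {}
    for _, day, _, _, _, size in events:
        daily[day] = daily.get(day, 0) + size
    volumes = list(daily.values())
    return {
        "countries": {e[2] for e in events},
        "devices": {e[3] for e in events},
        "servers": {e[4] for e in events},
        "vol_mean": mean(volumes),
        "vol_stdev": stdev(volumes) if len(volumes) > 1 else 0.0,
    }

def score_day(baseline, events, z_threshold=3.0):
    """Return the list of deviations from the baseline for one day's events."""
    findings = []
    for key, idx in (("countries", 2), ("devices", 3), ("servers", 4)):
        unseen = {e[idx] for e in events} - baseline[key]
        if unseen:
            findings.append(f"new {key}: {sorted(unseen)}")
    total = sum(e[5] for e in events)
    # Floor the spread so a very flat history does not alert on small changes.
    spread = max(baseline["vol_stdev"], 0.1 * baseline["vol_mean"], 1.0)
    z = (total - baseline["vol_mean"]) / spread
    if z > z_threshold:
        findings.append(f"download volume z-score {z:.1f}")
    return findings

BASELINE = build_baseline(HISTORY)
# Constructed test days: one ordinary, one matching the scenario in the text.
NORMAL_DAY = [("alice", 9, "CH", "laptop-17", "fs01", 108_000_000)]
ODD_DAY = [("alice", 10, "BR", "laptop-17", "hr-db", 4_000_000_000)]

if __name__ == "__main__":
    print("normal:", score_day(BASELINE, NORMAL_DAY))
    print("odd:   ", score_day(BASELINE, ODD_DAY))
```

The ordinary day produces no findings, while the second day is flagged three times: a new country, a new server and a download volume far above the user's usual range.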

UEBA also protects against external threats: for example, it may be relatively easy for cybercriminals to use phishing attacks to steal credentials such as an employee's username and password, but it will be difficult for them to mimic that user's normal behavior on the network.

By Christoph M. Kumpa, Director DACH & EE at Digital Guardian
