The report “User and Entity Behaviour Analytics Protecting your organisation from within” comes from IT Management Insight. Drawing upon the results of a survey (The PwC Global State of Information Security Survey), the report shows how around two-thirds of cybersecurity incidents affecting businesses came from either current or former employees. The learning point is for businesses to adopt robust methods for controlling access to sensitive data and for monitoring access in real time to prevent data breaches from occurring. These twin steps are presented as being essential for successful security within any organisation.
The implications of this are often contrary to the security policy of most businesses, where security is typically orientated outwards, with most organizations focusing their efforts on potential breaches from external sources.
Considering the internal threat, the report draws on two examples:
a) As employee numbers grow, an organisation’s vulnerability to insider threats increases similarly. This means that sensitive data can be stolen, deleted or exposed by malicious individuals with access to it. One common error is the sharing of network passwords. One survey found that almost half of employees admitted to password sharing.
b) Carelessness: damage or theft of data can also occur as a result of simple carelessness or a successful phishing attack. This can arise, for example, from an employee clicking on a link embedded in a textual email.
Given that both of these scenarios can take days or months to detect, the report places great emphasis upon improving monitoring systems. One means of doing this is User and Entity Behavior Analytics (UEBA) software. In the Gartner Market Guide for User and Entity Behavior Analytics, UEBA is defined as software that “successfully detects malicious and abusive activity that otherwise goes unnoticed, and effectively coordinates and prioritises security alerts sent from other systems”.
These solutions look at patterns of human behavior, and then apply algorithms and statistical analysis to detect meaningful anomalies from those patterns—anomalies that indicate potential threats. Hence UEBA can serve as a powerful tool for detecting and responding to threats posed by internal users. The analytics help businesses to uncover threats and to prioritize and neutralize each incident.
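The baseline-and-deviation idea described above, as an added illustration (not taken from the report or from any UEBA product): each user's daily count of sensitive-file reads is compared with that user's own history using a median/MAD modified z-score, and the resulting alerts are ordered by severity. The sample data, the 3.5 threshold, the five-day minimum history and all function names are constructed assumptions.

```python
from statistics import median

# Constructed sample data: sensitive-file reads per user per day.
HISTORY = {
    "alice": [12, 15, 11, 14, 13, 12, 16, 14, 13, 15],
    "bob":   [3, 3, 3, 3, 3, 3, 3, 3, 3, 3],   # perfectly regular user
    "carol": [40, 42],                          # new hire, thin history
    "erin":  [20, 22, 19, 21, 20, 23, 21, 20, 22, 21],
}
TODAY = {"alice": 14, "bob": 9, "carol": 400, "dave": 5, "erin": 95}

MIN_HISTORY = 5   # assumption: days required before a baseline is trusted
THRESHOLD = 3.5   # assumption: cut-off on the modified z-score


def robust_z(history, value):
    """Modified z-score of value against the user's own median and MAD."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    # A constant history gives MAD == 0; use a scale of 1 event (assumption)
    # so that any change is scored instead of dividing by zero.
    scale = mad / 0.6745 if mad else 1.0
    return (value - med) / scale


def score_day(history, today):
    """Return {user: (status, score)}; status is ok, anomaly or no_baseline."""
    results = {}
    for user, value in today.items():
        past = history.get(user, [])
        if len(past) < MIN_HISTORY:
            # Too little data to call anything normal: surface it separately.
            results[user] = ("no_baseline", None)
            continue
        z = robust_z(past, value)
        results[user] = ("anomaly" if abs(z) > THRESHOLD else "ok", round(z, 2))
    return results


def prioritised_alerts(results):
    """Anomalies ordered by size of deviation, largest first."""
    hits = [(u, s) for u, (status, s) in results.items() if status == "anomaly"]
    return sorted(hits, key=lambda h: abs(h[1]), reverse=True)


if __name__ == "__main__":
    for user, score in prioritised_alerts(score_day(HISTORY, TODAY)):
        print(f"ALERT {user}: modified z-score {score}")
```

Users with too little history are reported as `no_baseline` rather than scored, so a new or unknown account with heavy activity is routed to review instead of being silently treated as normal.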