According to research from LogRhythm, on average 49 percent of business users admit to having shared their network password with at least one other user. As employee numbers grow, an organisation’s exposure to insider threats therefore increases significantly: a shared password means that activity attributed to one account may be the work of several people, which undermines any attempt to hold an individual accountable. The damage from such incidents can be long term, taking months or longer to correct. A new report from the firm suggests some best practices that companies can adopt to protect their business interests. Among the recommended controls is user and entity behavior analytics (UEBA).
User behavior analytics is a cybersecurity process concerned with detecting insider threats, targeted attacks and financial fraud. Rather than inspecting individual devices or matching signatures, user behavior analytics solutions model patterns of human behavior: algorithms and statistical analysis are applied to how workers in an organisation use its IT systems, a picture of normal activity is built up, and deviations from that picture are surfaced as potential threats.
The approach differs from standard cybersecurity methods, which focus on tracking devices or reacting to specific, externally visible security events. Many technology experts regard user and entity behavior analytics as the more capable model for attack detection, maintaining that it identifies bad actors on a network more accurately than device- or event-centric controls.
In terms of the extent of the problem, The Global State of Information Security Survey 2016, from PwC, revealed that in 63 percent of cases, current and former employees are the source of security incidents.
According to LogRhythm’s report, this can be countered with enhanced internal security controls that give the organisation a more holistic view of activity on its network. Machine learning and statistical analysis are used to build a baseline of what normal interaction between each user and the network looks like; the platform then flags anything that departs from that baseline. Serious flags range from a user logging in from a new location to the unauthorized transfer of data to an external destination. A baseline is only as good as the history behind it: a brand-new account has no usable baseline yet, and an account whose password is shared by several people produces a misleadingly broad one, so such cases deserve separate handling rather than silence.
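To make the baseline-and-anomaly idea from the two paragraphs above concrete, here is a small added example in Python. It is not LogRhythm’s product or any code from the original article; the event records, user names, countries and byte counts are constructed for illustration, and the thresholds (five baseline days, a minimum of three events, a z-score cut-off of 3) are assumptions chosen for the demo. Each user gets a per-user baseline from their first five days of activity (the set of login countries seen and the mean and standard deviation of outbound bytes); events after the baseline window are then scored, and the two cases the article names are flagged: a login from a location never seen for that user, and an outbound transfer far larger than the user’s norm. Accounts with too little history are reported as “no baseline” rather than being scored against nothing.

```python
"""Toy per-user behaviour baseline and anomaly scorer (added example, not the
page's or any vendor's code). All events below are constructed sample data."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample events: (user, day, login_country, bytes_out).
# Days 1-5 form the baseline window; day 6 is the day under inspection.
EVENTS = [
    ("alice", 1, "GB", 12_000),
    ("alice", 2, "GB", 15_000),
    ("alice", 3, "GB", 11_000),
    ("alice", 4, "GB", 14_000),
    ("alice", 5, "GB", 13_000),
    ("alice", 6, "GB", 2_400_000),   # same location, huge outbound transfer
    ("bob", 1, "US", 500_000),
    ("bob", 2, "US", 450_000),
    ("bob", 3, "US", 520_000),
    ("bob", 4, "US", 480_000),
    ("bob", 5, "US", 510_000),
    ("bob", 6, "RU", 490_000),       # normal volume, never-seen location
    ("carol", 6, "DE", 10_000),      # new account: no history to baseline
]

# Assumed tuning values for the demo; a real deployment would derive these
# from a much longer window and per-population statistics.
BASELINE_DAYS = 5
MIN_BASELINE_EVENTS = 3
Z_THRESHOLD = 3.0


def build_baselines(events, baseline_days=BASELINE_DAYS,
                    min_events=MIN_BASELINE_EVENTS):
    """Build a per-user baseline from events inside the baseline window.

    Returns {user: {"countries": set, "mean": float, "std": float}}.
    Users with fewer than min_events baseline events are omitted, because
    a 'normal' derived from one or two samples is not meaningful.
    """
    history = defaultdict(lambda: {"countries": set(), "bytes": []})
    for user, day, country, bytes_out in events:
        if day <= baseline_days:
            history[user]["countries"].add(country)
            history[user]["bytes"].append(bytes_out)

    baselines = {}
    for user, h in history.items():
        if len(h["bytes"]) < min_events:
            continue
        baselines[user] = {
            "countries": h["countries"],
            "mean": mean(h["bytes"]),
            "std": pstdev(h["bytes"]),
        }
    return baselines


def score_events(events, baselines, baseline_days=BASELINE_DAYS,
                 z_threshold=Z_THRESHOLD):
    """Score events after the baseline window against each user's baseline.

    Returns a list of (user, day, reason) alerts in event order. An event
    can raise more than one alert (new location AND abnormal volume).
    """
    alerts = []
    for user, day, country, bytes_out in events:
        if day <= baseline_days:
            continue
        base = baselines.get(user)
        if base is None:
            # No usable history: report it rather than silently skip it.
            alerts.append((user, day, "no baseline for this account"))
            continue
        if country not in base["countries"]:
            alerts.append((user, day, f"login from new location {country}"))
        # A perfectly regular user has std == 0; use 1.0 so any change scores.
        std = base["std"] or 1.0
        z = (bytes_out - base["mean"]) / std
        if z > z_threshold:
            alerts.append((user, day,
                           f"outbound volume {bytes_out} bytes, z={z:.1f}"))
    return alerts


if __name__ == "__main__":
    for alert in score_events(EVENTS, build_baselines(EVENTS)):
        print(alert)
```

Running it flags alice’s day-6 transfer (roughly 1,700 standard deviations above her mean), bob’s login from RU, and carol’s lack of a baseline. Note what it does not do: bob’s transfer volume is normal for him, so only the location fires, and a shared account would simply show a wider set of countries and a broader volume distribution, which is why the article’s password-sharing statistic matters to a detection team as much as to an access-control team.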