Bridging the Gap – Understanding and Mitigating Insider Threats Through Conversations 

By Findlay Whitelaw, Field CTO, Insider Threat Program and UEBA Solutions, Securonix

Over the last few weeks, I have had the opportunity to host and participate in three video sessions, each one shining a spotlight on insider threats. They drove home how conversations help break down the complex drivers of insider threats and the responsibility organizations have to protect data. For those who missed the sessions or need a refresher, here is a recap of what we covered:

Understanding types of insider threats and the importance of security culture

Vinny Sharma, Marketing Director, APAC, and I discussed why insider threats matter and focused on the types of insider threat that organizations need to understand, including:

  • The Negligent Insider: An individual who inadvertently compromises security through a lack of awareness, training, or care, for example by getting distracted, not following security protocols, or mishandling sensitive data.
  • The Unwitting Insider: Someone who is turned into an accomplice without realizing it, for example by falling for a phishing attack or being manipulated into performing actions or sharing information that compromises organizational security.
  • The Malicious Insider: An individual with intentionally harmful motives, typically self-serving ones such as financial gain or revenge.

To stay ahead, organizations need to adopt a proactive strategy; key approaches (not an exhaustive list) include:

  • Cultivating an effective security culture: Emphasizing the importance of safeguarding organizational data and assets
  • Regular training and awareness programs: Keeping employees up to date with best practices and policies
  • Implementing controls: Restricting access according to roles and responsibilities, through the principle of least privilege, network segregation, multi-factor authentication, DLP, and adequate encryption
  • Continuous monitoring: Real-time monitoring of systems and activities across platforms
  • Fostering open communication and clear reporting mechanisms: Ensuring security remains everyone’s responsibility
  • Behavioral analytics: Detecting unusual patterns or risky behaviors that may indicate a potential insider threat

Emerging cybersecurity threats in APMEA: An expert discussion

Zubair Chowgale, Senior Sales Engineer, Securonix, shared with me his insights into the challenges and changes he has observed within his region of APMEA. He brought two use cases to life with real-world examples of document abuse/data exfiltration and privileged access abuse, both of which remain major concerns for organizations.

Zubair stressed that no region or industry remains untouched by cyber or insider threats; however, financial services, e-commerce, retail, telecoms, healthcare, and utility sectors can be particularly susceptible. This may be partly due to their valuable data, financial relevance, and critical infrastructure. 

Zubair also discussed the distinctive benefits of user and entity behavior analytics (UEBA), particularly as a proactive rather than a reactive form of security monitoring. Using the document abuse and data exfiltration use case, he pointed out that traditional DLP tools focus primarily on data movement and rely on static rules. UEBA, in contrast, aims to detect the anomalous activity that precedes an exfiltration attempt, and to interpret it with context.

In the privileged access management (PAM) abuse scenario, PAM tools manage and monitor privileged users. If a user accesses systems outside their permissions, PAM logs it, but it may not alert on unusual behavior within the access a user is allowed. UEBA, in contrast, detects behavioral anomalies through dynamic learning: it monitors user behavior in real time against established baselines, and any deviation from typical behavior, such as a change in access patterns, gets flagged.

Zubair highlighted that UEBA can be enriched by integrating HR data, access logs, or communication channels, providing a 360-degree view of potential threats. UEBA’s power lies in its ability to correlate data across multiple systems to detect potential insider threats.
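As an added illustration of the baseline-and-deviation approach contrasted above with static DLP and PAM rules, here is a small Python scorer written for this recap. It is not Securonix code and does not describe any product's internals: it learns each user's daily access count, bytes read, hosts and working hours from a training window of constructed access-log lines, scores the next day against that baseline, and adds HR context (a resignation notice) as an enrichment signal. The log format, the weights, the flag threshold and the HR feed are all assumptions made for the example.

```python
"""Baseline-and-deviation scoring over constructed access logs (added example)."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample, "timestamp,user,host,bytes". Days 1-5 are the learning
# window; 2024-03-06 is the day being scored. Not real data.
LOG_LINES = """\
2024-03-01T09:12:00,alice,fileshare01,120000
2024-03-01T10:40:00,alice,fileshare01,98000
2024-03-02T09:05:00,alice,fileshare01,110000
2024-03-03T09:30:00,alice,fileshare01,101000
2024-03-03T14:20:00,alice,fileshare01,87000
2024-03-04T11:00:00,alice,fileshare01,95000
2024-03-05T09:45:00,alice,fileshare01,99000
2024-03-05T16:10:00,alice,fileshare01,90000
2024-03-06T22:05:00,alice,fileshare01,140000
2024-03-06T22:07:00,alice,fileshare02,2500000
2024-03-06T22:09:00,alice,hrdb01,900000
2024-03-06T22:11:00,alice,fileshare02,3100000
2024-03-06T22:14:00,alice,fileshare02,2800000
2024-03-01T08:50:00,bob,build01,5000
2024-03-02T08:55:00,bob,build01,5000
2024-03-02T17:30:00,bob,build01,5000
2024-03-03T09:00:00,bob,build01,5000
2024-03-04T08:40:00,bob,build01,5000
2024-03-05T09:10:00,bob,build01,5000
2024-03-06T09:00:00,bob,build01,5000
"""
# Constructed HR feed used for enrichment (assumed format): user -> status.
HR_CONTEXT = {"alice": "notice_given"}
SCORE_DAY = "2024-03-06"
FLAG_THRESHOLD = 5  # assumed weight budget; tune to your false-positive tolerance

def parse_log(text):
    events = []
    for line in text.strip().splitlines():
        ts, user, host, nbytes = line.split(",")
        t = datetime.fromisoformat(ts)
        events.append({"day": t.date().isoformat(), "hour": t.hour,
                       "user": user, "host": host, "bytes": int(nbytes)})
    return events

def build_baselines(events, score_day):
    """Per-user profile (daily count/bytes stats, hosts, hours) from days before score_day."""
    counts, nbytes = defaultdict(lambda: defaultdict(int)), defaultdict(lambda: defaultdict(int))
    hosts, hours = defaultdict(set), defaultdict(set)
    for e in events:
        if e["day"] < score_day:
            u = e["user"]
            counts[u][e["day"]] += 1
            nbytes[u][e["day"]] += e["bytes"]
            hosts[u].add(e["host"])
            hours[u].add(e["hour"])
    return {u: {"count_mean": mean(list(counts[u].values())),
                "count_std": pstdev(list(counts[u].values())),
                "bytes_mean": mean(list(nbytes[u].values())),
                "bytes_std": pstdev(list(nbytes[u].values())),
                "hosts": hosts[u], "hours": hours[u]} for u in counts}

def zscore(x, m, s):
    # A flat baseline (std 0) turns any change at all into a strong deviation.
    return (x - m) / s if s else (0.0 if x == m else float("inf"))

def score_day(events, baselines, score_day, hr_context):
    """Score each user's activity on score_day against their own baseline."""
    per_user = defaultdict(list)
    for e in events:
        if e["day"] == score_day:
            per_user[e["user"]].append(e)
    results = {}
    for user, evs in per_user.items():
        b = baselines.get(user)
        if b is None:  # no history to compare against: surface for manual review
            results[user] = {"score": FLAG_THRESHOLD, "flag": True,
                             "reasons": ["no baseline"], "new_hosts": []}
            continue
        hits = []  # (points, reason); weights are assumptions for this example
        zc = zscore(len(evs), b["count_mean"], b["count_std"])
        if zc > 2:
            hits.append((3, f"daily access count z={zc:.1f}"))
        zb = zscore(sum(e["bytes"] for e in evs), b["bytes_mean"], b["bytes_std"])
        if zb > 2:
            hits.append((3, f"bytes read z={zb:.1f}"))
        new_hosts = sorted({e["host"] for e in evs} - b["hosts"])
        if new_hosts:  # access inside permissions can still be new for this user
            hits.append((2, "new hosts: " + ",".join(new_hosts)))
        if any(e["hour"] not in b["hours"] for e in evs):
            hits.append((1, "activity at hours never seen in baseline"))
        if hr_context.get(user) == "notice_given":  # HR enrichment raises priority
            hits.append((2, "HR: resignation notice on file"))
        score = sum(p for p, _ in hits)
        results[user] = {"score": score, "flag": score >= FLAG_THRESHOLD,
                         "reasons": [r for _, r in hits], "new_hosts": new_hosts}
    return results

def run():
    events = parse_log(LOG_LINES)
    return score_day(events, build_baselines(events, SCORE_DAY), SCORE_DAY, HR_CONTEXT)

if __name__ == "__main__":
    for user, r in run().items():
        print(user, "FLAG" if r["flag"] else "ok", r["score"], "; ".join(r["reasons"]))
```

On the constructed data alice is flagged on every signal (volume, bytes, two hosts she has never touched, late-night activity, plus the HR context) while bob, whose day looks like his previous five, scores zero. Note that nothing alice did on day six need violate a PAM policy or a DLP rule: the point of baselining is that the deviation from her own history is the alert.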

One consistent element across all the discussions was that no organization is immune to insider threats. However, leveraging advanced technological capabilities, including user behavior analytics tools, will significantly bolster your insider threat program.
