One of the questions our parent company Fishtech Group has been asked repeatedly during its nationwide Threat Hunt Tour is: “How can we do a better job of mitigating our insider threats — not just the external ones?”
Good question. And very timely, considering that 70% of companies in a recent survey conducted by Haystax and Cybersecurity Insiders said insider attacks have become more frequent in the past 12 months.
At Haystax, we believe the most effective insider threat mitigation programs seamlessly combine policies, processes and technologies into a comprehensive risk-based approach that can detect insiders regardless of whether they are malicious, willfully negligent or simply unaware of the harm they’re causing.
As part of that approach, the optimal technologies use a blend of analytic techniques to assess and prioritize workforce risk. For example, Haystax employs probabilistic models, enhanced with rules-based triggers and machine learning algorithms, to detect and prioritize anomalous behavior among trusted employees at government and private enterprises alike.
September was National Insider Threat Awareness Month, an ideal opportunity for the Haystax team to reflect on some of the top challenges that small and medium enterprises need to focus on as they hunt for insider threats:
- Consider the wide variety of insider threat personas, for example. Haystax has been supportive of a Verizon study that took organizations to task for looking primarily for malicious insiders, ignoring several other kinds of threat behaviors that are often just as harmful. Verizon lists not one or two, but five, categories of insider threat: Careless Worker; Inside Agent; Disgruntled Employee; Malicious Insider; and Feckless Third Party. It takes a particular kind of analytics to distinguish between them.
- Continuous vetting is the new black. It’s no longer sufficient for an organization to screen employees once before they walk in the door. Examples abound of people ‘going rogue’ after a few years of employment, due to a variety of factors that can include financial stress, failed relationships or poor HR reviews. As a result, employers need to find a way to continuously vet (aka evaluate) their staff, executives and even their vendors and contractors. Haystax has blogged numerous times about the issue.
- Most malicious insiders are smart enough to conceal their behavior and blend in well with the normality around them. In these cases, it takes the ability to take qualitative information collected from a wide variety of sources, including fellow employees and anecdotes, and transform it into quantitative evidence that can be used to ‘connect the dots’ and catch a spy or saboteur or fraudster before he or she can do real damage. See the recent Haystax use case on convicted Cuban spy Ana Montes for an example of how that works.
- Despite its wide use, the term user behavior analytics (UBA) has come to mean something quite narrow: analysis of user behavior on networks and other systems, and the application of advanced analytics to detect anomalies and malicious behaviors in those systems. Find out why that network-centric approach is not adequate to the task of catching your most dangerous insiders — and why a person-centric analytical approach is.
- Also find out why small businesses are most vulnerable to insider fraud, and how the U.S. government’s latest Insider Threat Maturity Framework still leaves some key questions unanswered.
- Finally, the Haystax white paper To Catch an IP Thief lays out in detail the events that lead a fictitious senior executive down an unhappy path from star executive to full-blown insider threat in the space of less than four years — and how the Haystax Analytics Platform would have detected him before he could steal his company’s valuable intellectual property.
Since October is National Cybersecurity Awareness Month, it’s also an opportune time to showcase Fishtech Group’s Security-as-a-Service division, CYDERES, a top-rated managed security services provider (MSSP) for detecting internal and external cyber threats.
A brand new partnership with Alphabet unit Chronicle gives CYDERES the ability to deliver managed detection and response services for Chronicle’s new Backstory platform. This partnership offers clients unmatched capabilities for threat hunting, incident investigation and ultimately detection and response.
# # #
Note: There are 10 Fishtech Threat Hunt Tour sessions to go between now and the end of the year. Register for the one closest to you and learn how CYDERES and Chronicle can help you hunt down your external and insider threats in an entirely new way.