Will The Insider Threat Intensify During The Recession?

In the face of what could be a prolonged economic recession, organisations are gearing up to navigate an exceptionally unique business environment. Covid-19 has heralded a new era whereby the democratised workforce sees employees become increasingly comfortable expressing both their satisfaction and their grievances.

For businesses, this presents a difficult dynamic. With inflation at a 20-year high and economic conditions looking like they may very well worsen, employers are set to come under pressure from their staff demanding wage increases as they too look to navigate the cost-of-living crisis. 

While many of those that aren’t satisfied will simply opt to vote with their feet and move on in search of higher salaries, there is the very real threat that others in less fortunate situations may go rogue. Indeed, there’s already evidence that employees are exfiltrating data when they are made redundant, or even accepting payments from hacker groups in return for planting malware. And Verizon’s 2022 Data Breach Investigations Report found 20% of global data breaches were caused by internal actors last year. 

There’s now every chance that this very real threat may grow with economic hardships likely to create growing factions of disgruntled employees. And that means organisations must prepare for and build on the measures they have in place, particularly as the ramifications of these attacks can be costly. According to the 2022 Ponemon Cost of Insider Threats Global Report, organisations spent a whopping $15.38 million on average dealing with insider threats in 2021.

How UEBA Can Help

Fortunately, solutions capable of assisting firms in proactively combatting insider threats are available today. 
User and Entity Behaviour Analytics (UEBA) stands as a prime example. It taps into machine learning technologies to enhance the investigation of unusual patterns in user behaviour while reducing the time spent on threat hunting. UEBA monitors employee activity and assimilates it into a behaviour-based risk model to build a baseline of normal user and group behaviour. 

Typically, this is determined by two forms of context

  • Environmental Context, which includes details such as whether a user was an IT admin or highly privileged user, or if they own the asset in question.
  • Situational context, used to answer critical questions like “has this happened before?” and “is this normal?”. 

Anything out of the ordinary immediately triggers an alert which is supplemented with this important environmental and situational information to help teams more effectively investigate incidents. Resultantly, UEBA is able to empower organisations to mitigate this unique form of risk, damage and data loss.

By detecting advanced attacks early, insider threats can be spotted and stopped in their tracks at speed. 

Making The Most Of Automated Security Solutions

While a core benefit of UEBA is its ability to mitigate the potential threat of internal actors going rogue, it also brings several other benefits to the table. 

Security analysts today have found themselves working in stressful environments. Tasked with trawling through large amounts of data and evaluating an increasing number of alerts to determine if there are signs of a security incident, it’s become a never-ending task. But UEBA can offer some respite and help here by relieving some of the stresses faced by beleaguered security teams.

  • First, it can be used to detect security incidents that are otherwise impossible to identify without machine learning. The peer grouping and baselines it provides make it easy to identify abnormal behaviour, and in turn reduce the time required to respond to the most critical incidents thanks to its ability to set risk scores for all abnormal behaviour. This allows security analysts to prioritise alerts more easily. 
  • Additionally, UEBA can save time by reducing false positives in the SOC. It consistently reviews the typical behaviours of each and every user in order to identify common patterns. If it’s common for someone in the finance team to upload a lot of data in a set period, for example, then UEBA will learn this and won’t create an alert. 

It’s also worth noting that certain UEBA tools can be used to secure business critical systems like SAP. At present, many organisations lack visibility in these systems, with no way of detecting or investigating what has happened following an attack. With the right technologies, however, business-critical systems can be continuously monitored for threats such as IP theft, fraud and access violations, enabling security teams to act on threats and detect and respond to malicious insiders. 

Now, more than ever, analysts are expressing a desire for such capabilities. Indeed, research shows that 71% of analysts say introducing automation to the analyst workflow would help reduce analyst stress, while 63% state that implementing advanced analytics/machine learning would help. 

The demands for automated and intelligent solutions are there. And with insider threats only likely to worsen as the recession progresses, it is vital for organisations to take more proactive measures to prevent breaches instigated by internal actors sooner rather than later. 

Tim Wallen is Regional Director UKI & BeNeLux at Logpoint

You Might Also Read:

No Slack In The System:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« NCSC Alert: British Journalists & Politicians Are Hacking Targets
Ukraine’s Security Agency Says Russian Cyber Attacks Are Increasing »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Uniscon

Uniscon

Uniscon is a leading provider of cloud security solutions in Europe.

Conscia

Conscia

Conscia provides IT infrastructure solutions and 24/7 services in network, data center, security and mobility.

Flexera

Flexera

Flexera is reimagining the way software is bought, sold, managed and secured.

GreatHorn

GreatHorn

GreatHorn offers the only cloud-native security platform that stops targeted social engineering and phishing attacks on communication tools like O365, G Suite, and Slack.

Mantix4

Mantix4

Mantix4’s M4 Cyber Threat Hunting Platform actively defends against cyber threats.

Gilbert + Tobin

Gilbert + Tobin

Gilbert + Tobin is an Australian corporate law firm serving clients throughout Australia, and around the world, on a broad range of legal issues including cyber security.

IoTsploit

IoTsploit

IoTsploit provides 20/20 visibility of network connections, protecting critical infrastructure assets from IoT vulnerabilities.

Safetech Innovations

Safetech Innovations

Safetech Innovations is a team of cyber security experts, always at your service. We use human and cyber intelligence to help your business in uncertain times.

SecureStream Technologies

SecureStream Technologies

SecureStream Technologies have built the IoT SafetyNet - the Network Security Analytics platform to Eliminate Security Threats, Guarantee Privacy, Ensure Compliance, Simply & Easily.

Entara

Entara

Entara (formerly YJT Solutions) is an eXtended Service Provider (XSP) focused on providing cutting edge technology and cyber security solutions to companies in regulated industries.

watchTowr

watchTowr

Continuous Attack Surface Testing, with the watchTowr Platform. The future of Attack Surface Management.

ZAG Technical Services

ZAG Technical Services

ZAG Technical Services is an award-winning information technology consulting firm delivering digital transformation solutions, IT assessments, managed services, security, and support.

Digital Security Authority (DSA)

Digital Security Authority (DSA)

The establishment of the Digital Security Authority, which incorporates the National CSIRT, is crucial to significantly raising the cybersecurity posture and capabilities of Cyprus.

Capzul

Capzul

Capzul are transforming the network security landscape with a new approach; creating virtually impenetrable networks, precluding cybercriminal attacks on your network ecosystem.

Redinent Innovations

Redinent Innovations

Redinent is a cutting-edge IoT Security platform that offers precise security posture analysis and delivers actionable intelligence, empowering businesses to operate with unrivaled resilience.

Compugen Systems Inc (CSI)

Compugen Systems Inc (CSI)

Compugen Systems is an IT service delivery company that focuses on enabling your business outcomes.