Will The Insider Threat Intensify During The Recession?

Uploaded on 2023-01-26 in NEWS-Cybersecurity News, FREE TO VIEW

In the face of what could be a prolonged economic recession, organisations are gearing up to navigate an exceptionally unique business environment. Covid-19 has heralded a new era whereby the democratised workforce sees employees become increasingly comfortable expressing both their satisfaction and their grievances.

For businesses, this presents a difficult dynamic. With inflation at a 20-year high and economic conditions looking like they may very well worsen, employers are set to come under pressure from their staff demanding wage increases as they too look to navigate the cost-of-living crisis. 

While many of those that aren’t satisfied will simply opt to vote with their feet and move on in search of higher salaries, there is the very real threat that others in less fortunate situations may go rogue. Indeed, there’s already evidence that employees are exfiltrating data when they are made redundant, or even accepting payments from hacker groups in return for planting malware. And Verizon’s 2022 Data Breach Investigations Report found 20% of global data breaches were caused by internal actors last year. 

There’s now every chance that this very real threat may grow with economic hardships likely to create growing factions of disgruntled employees. And that means organisations must prepare for and build on the measures they have in place, particularly as the ramifications of these attacks can be costly. According to the 2022 Ponemon Cost of Insider Threats Global Report, organisations spent a whopping $15.38 million on average dealing with insider threats in 2021.

How UEBA Can Help

Fortunately, solutions capable of assisting firms in proactively combatting insider threats are available today. 
User and Entity Behaviour Analytics (UEBA) stands as a prime example. It taps into machine learning technologies to enhance the investigation of unusual patterns in user behaviour while reducing the time spent on threat hunting. UEBA monitors employee activity and assimilates it into a behaviour-based risk model to build a baseline of normal user and group behaviour. 

Typically, this is determined by two forms of context

  • Environmental Context, which includes details such as whether a user was an IT admin or highly privileged user, or if they own the asset in question.
  • Situational context, used to answer critical questions like “has this happened before?” and “is this normal?”. 

Anything out of the ordinary immediately triggers an alert which is supplemented with this important environmental and situational information to help teams more effectively investigate incidents. Resultantly, UEBA is able to empower organisations to mitigate this unique form of risk, damage and data loss.

By detecting advanced attacks early, insider threats can be spotted and stopped in their tracks at speed. 

Making The Most Of Automated Security Solutions

While a core benefit of UEBA is its ability to mitigate the potential threat of internal actors going rogue, it also brings several other benefits to the table. 

Security analysts today have found themselves working in stressful environments. Tasked with trawling through large amounts of data and evaluating an increasing number of alerts to determine if there are signs of a security incident, it’s become a never-ending task. But UEBA can offer some respite and help here by relieving some of the stresses faced by beleaguered security teams.

  • First, it can be used to detect security incidents that are otherwise impossible to identify without machine learning. The peer grouping and baselines it provides make it easy to identify abnormal behaviour, and in turn reduce the time required to respond to the most critical incidents thanks to its ability to set risk scores for all abnormal behaviour. This allows security analysts to prioritise alerts more easily. 
  • Additionally, UEBA can save time by reducing false positives in the SOC. It consistently reviews the typical behaviours of each and every user in order to identify common patterns. If it’s common for someone in the finance team to upload a lot of data in a set period, for example, then UEBA will learn this and won’t create an alert. 

It’s also worth noting that certain UEBA tools can be used to secure business critical systems like SAP. At present, many organisations lack visibility in these systems, with no way of detecting or investigating what has happened following an attack. With the right technologies, however, business-critical systems can be continuously monitored for threats such as IP theft, fraud and access violations, enabling security teams to act on threats and detect and respond to malicious insiders. 

Now, more than ever, analysts are expressing a desire for such capabilities. Indeed, research shows that 71% of analysts say introducing automation to the analyst workflow would help reduce analyst stress, while 63% state that implementing advanced analytics/machine learning would help. 

The demands for automated and intelligent solutions are there. And with insider threats only likely to worsen as the recession progresses, it is vital for organisations to take more proactive measures to prevent breaches instigated by internal actors sooner rather than later. 

Tim Wallen is Regional Director UKI & BeNeLux at Logpoint

You Might Also Read:

No Slack In The System:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« NCSC Alert: British Journalists & Politicians Are Hacking Targets
Ukraine’s Security Agency Says Russian Cyber Attacks Are Increasing »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

Cyber Conflict Studies Association (CCSA)

Cyber Conflict Studies Association (CCSA)

Cyber Conflict Studies Association (CCSA) is a non-profit organization dedicated to leading a diversified research agenda in the field of cyber conflict.

Brookings Institution

Brookings Institution

The Brookings Institution is a nonprofit public policy organization. Cyber security is covered within the various study areas.

Sucuri

Sucuri

Sucuri have offered holistic website security solutions since 2008 including malware removal, malware monitoring and website protection services.

PartnerRe

PartnerRe

PartnerRe provides multi-line reinsurance to insurance companies on a worldwide basis. Services include Cyber Risk.

EverC

EverC

EverC (formerly EverCompliant) is a leading provider of cyber intelligence that allows acquiring banks and payment service providers (PSP) to manage cyber risk.

Stealthbits Technologies

Stealthbits Technologies

Stealthbits Technologies is a cybersecurity software company focused on protecting an organization's sensitive data and the credentials attackers use to steal that data.

Government CSIRT - Chile

Government CSIRT - Chile

Government CSIRT is the Computer Security Incident Response Team for State networks and government cyberspace in Chile.

HackControl

HackControl

HackControl services include penetration tests, security audits, block chain audits and brand and anti-phishing protection.

Document Security Systems (DSS)

Document Security Systems (DSS)

DSS anti-counterfeit, authentication, and brand protection solutions are deployed to prevent attacks which threaten products, digital presence, financial instruments, and identification.

Cloud & Cyber Security Expo

Cloud & Cyber Security Expo

Cloud & Cyber Security Expo is the UK’s largest cloud and cyber security event.

Digital Edge

Digital Edge

Digital Edge provides unparalleled Managed Cloud Solutions, as well as superior Information Technology Support Services.

Intuitive Research & Technology Corp

Intuitive Research & Technology Corp

Intuitive Research and Technology is an aerospace engineering and analysis firm providing services to the Department of Defense, government agencies, and commercial companies.

Olympix

Olympix

Dev-first Web3 security that starts at the source. Olympix is a pioneering DevSecOps tool that puts security in the hands of the developer by proactively securing code from day one.

Falconfeeds

Falconfeeds

Falconfeeds empowers businesses and security professionals with immediate access to the latest and historical threat intelligence data.

360 Advanced

360 Advanced

360 Advanced is a relationship-focused cybersecurity and compliance firm offering integrated compliance solutions customized to meet your business’ needs.

Hunt & Hackett

Hunt & Hackett

Hunt & Hackett helps European companies prevent, detect and respond to today’s most advanced adversaries, safeguarding them against cyberthreats and espionage.