Will The Insider Threat Intensify During The Recession?

Uploaded on 2023-01-26 in NEWS-Cybersecurity News, FREE TO VIEW

In the face of what could be a prolonged economic recession, organisations are gearing up to navigate an exceptionally unique business environment. Covid-19 has heralded a new era whereby the democratised workforce sees employees become increasingly comfortable expressing both their satisfaction and their grievances.

For businesses, this presents a difficult dynamic. With inflation at a 20-year high and economic conditions looking like they may very well worsen, employers are set to come under pressure from their staff demanding wage increases as they too look to navigate the cost-of-living crisis. 

While many of those that aren’t satisfied will simply opt to vote with their feet and move on in search of higher salaries, there is the very real threat that others in less fortunate situations may go rogue. Indeed, there’s already evidence that employees are exfiltrating data when they are made redundant, or even accepting payments from hacker groups in return for planting malware. And Verizon’s 2022 Data Breach Investigations Report found 20% of global data breaches were caused by internal actors last year. 

There’s now every chance that this very real threat may grow with economic hardships likely to create growing factions of disgruntled employees. And that means organisations must prepare for and build on the measures they have in place, particularly as the ramifications of these attacks can be costly. According to the 2022 Ponemon Cost of Insider Threats Global Report, organisations spent a whopping $15.38 million on average dealing with insider threats in 2021.

How UEBA Can Help

Fortunately, solutions capable of assisting firms in proactively combatting insider threats are available today. 
User and Entity Behaviour Analytics (UEBA) stands as a prime example. It taps into machine learning technologies to enhance the investigation of unusual patterns in user behaviour while reducing the time spent on threat hunting. UEBA monitors employee activity and assimilates it into a behaviour-based risk model to build a baseline of normal user and group behaviour. 

Typically, this is determined by two forms of context

  • Environmental Context, which includes details such as whether a user was an IT admin or highly privileged user, or if they own the asset in question.
  • Situational context, used to answer critical questions like “has this happened before?” and “is this normal?”. 

Anything out of the ordinary immediately triggers an alert which is supplemented with this important environmental and situational information to help teams more effectively investigate incidents. Resultantly, UEBA is able to empower organisations to mitigate this unique form of risk, damage and data loss.

By detecting advanced attacks early, insider threats can be spotted and stopped in their tracks at speed. 

Making The Most Of Automated Security Solutions

While a core benefit of UEBA is its ability to mitigate the potential threat of internal actors going rogue, it also brings several other benefits to the table. 

Security analysts today have found themselves working in stressful environments. Tasked with trawling through large amounts of data and evaluating an increasing number of alerts to determine if there are signs of a security incident, it’s become a never-ending task. But UEBA can offer some respite and help here by relieving some of the stresses faced by beleaguered security teams.

  • First, it can be used to detect security incidents that are otherwise impossible to identify without machine learning. The peer grouping and baselines it provides make it easy to identify abnormal behaviour, and in turn reduce the time required to respond to the most critical incidents thanks to its ability to set risk scores for all abnormal behaviour. This allows security analysts to prioritise alerts more easily. 
  • Additionally, UEBA can save time by reducing false positives in the SOC. It consistently reviews the typical behaviours of each and every user in order to identify common patterns. If it’s common for someone in the finance team to upload a lot of data in a set period, for example, then UEBA will learn this and won’t create an alert. 

It’s also worth noting that certain UEBA tools can be used to secure business critical systems like SAP. At present, many organisations lack visibility in these systems, with no way of detecting or investigating what has happened following an attack. With the right technologies, however, business-critical systems can be continuously monitored for threats such as IP theft, fraud and access violations, enabling security teams to act on threats and detect and respond to malicious insiders. 

Now, more than ever, analysts are expressing a desire for such capabilities. Indeed, research shows that 71% of analysts say introducing automation to the analyst workflow would help reduce analyst stress, while 63% state that implementing advanced analytics/machine learning would help. 

The demands for automated and intelligent solutions are there. And with insider threats only likely to worsen as the recession progresses, it is vital for organisations to take more proactive measures to prevent breaches instigated by internal actors sooner rather than later. 

Tim Wallen is Regional Director UKI & BeNeLux at Logpoint

You Might Also Read:

No Slack In The System:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« NCSC Alert: British Journalists & Politicians Are Hacking Targets
Ukraine’s Security Agency Says Russian Cyber Attacks Are Increasing »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Lookout

Lookout

Lookout is the data-centric cloud security company that uses a defense-in-depth strategy to address the different stages of a modern cybersecurity attack.

RedLock

RedLock

The RedLock Cloud 360TM platform correlates disparate security data sets to provide a unified view of risks across fragmented cloud environments.

Lumen Technologies

Lumen Technologies

Lumen is an enterprise technology platform that enables companies to capitalize on emerging applications and power the 4th Industrial Revolution (4IR).

Bridewell

Bridewell

Bridewell provide cost effective Security & Risk Assurance Services across Information Security, Cyber Security, Technology Risk, Security Testing and Data Privacy.

Scanmeter

Scanmeter

Scanmeter helps identifying vulnerabilities in software and systems before they can be exploited by an attacker.

ECOMPLY

ECOMPLY

ECOMPLY is an all-in-one GDPR Compliance Solution. Efficient data protection management system for businesses and DPOsomply.

Smart Contract Security Alliance

Smart Contract Security Alliance

The Smart Contract Security Alliance supports the blockchain ecosystem by building standards for smart contract security and smart contract audits.

Visium Technologies

Visium Technologies

Visium Analytics provides innovative data visualization, cybersecurity technologies and solutions to businesses to protect and secure their data assets.

Forum Systems

Forum Systems

Forum Systems is a global leader in API Security Management with industry-certified, patented, and proven products deployed in the most rigorous and demanding customer environments.

Sentinel

Sentinel

Sentinel works with governments, media and defence agencies to help protect democracies from disinformation campaigns by developing a state-of-the-art AI detection platform.

Huntington Ingalls Industries (HII)

Huntington Ingalls Industries (HII)

Huntington Ingalls Industries is America’s largest military shipbuilding company and a provider of professional services to partners in government and industry.

European Center for CyberSecurity in Aviation (ECCSA)

European Center for CyberSecurity in Aviation (ECCSA)

ECCSA is a cooperative partnership within the aviation community to better understand emerging cybersecurity risks in aviation and provide collective support in dealing with cybersecurity incidents.

AutoSec

AutoSec

AutoSec supports the FFI program Electronics, Software and Communication by dissemination and exploitation of the results of projects related to automotive cybersecurity.

UK Cyber Cluster Collaboration (UKC3)

UK Cyber Cluster Collaboration (UKC3)

UKC3 has been launched to support Cyber Clusters and encourage greater collaboration across regions and nations of the UK.

CommandK

CommandK

CommandK provides companies with infrastructure to protect their sensitive data. Built-in solutions to prevent data-leaks and simplify governance.

Glasstrail

Glasstrail

Glasstrail are single-minded about helping organisations gather intelligence and manage vulnerabilities in their attack surface before adversaries exploit them.