Will The Insider Threat Intensify During The Recession?

In the face of what could be a prolonged economic recession, organisations are gearing up to navigate a highly unusual business environment. Covid-19 has heralded a new era in which a democratised workforce sees employees become increasingly comfortable expressing both their satisfaction and their grievances.

For businesses, this presents a difficult dynamic. With inflation at a 20-year high and economic conditions looking like they may very well worsen, employers are set to come under pressure from their staff demanding wage increases as they too look to navigate the cost-of-living crisis. 

While many of those that aren’t satisfied will simply opt to vote with their feet and move on in search of higher salaries, there is the very real threat that others in less fortunate situations may go rogue. Indeed, there’s already evidence that employees are exfiltrating data when they are made redundant, or even accepting payments from hacker groups in return for planting malware. And Verizon’s 2022 Data Breach Investigations Report found 20% of global data breaches were caused by internal actors last year. 

There’s now every chance that this very real threat may grow with economic hardships likely to create growing factions of disgruntled employees. And that means organisations must prepare for and build on the measures they have in place, particularly as the ramifications of these attacks can be costly. According to the 2022 Ponemon Cost of Insider Threats Global Report, organisations spent a whopping $15.38 million on average dealing with insider threats in 2021.

How UEBA Can Help

Fortunately, solutions capable of assisting firms in proactively combatting insider threats are available today. User and Entity Behaviour Analytics (UEBA) stands as a prime example. It taps into machine learning technologies to enhance the investigation of unusual patterns in user behaviour while reducing the time spent on threat hunting. UEBA monitors employee activity and assimilates it into a behaviour-based risk model to build a baseline of normal user and group behaviour.

Typically, this is determined by two forms of context:

  • Environmental context, which includes details such as whether a user is an IT admin or highly privileged user, or if they own the asset in question.
  • Situational context, used to answer critical questions like “has this happened before?” and “is this normal?”.

Anything out of the ordinary immediately triggers an alert, which is supplemented with this environmental and situational information to help teams investigate incidents more effectively. As a result, UEBA is able to empower organisations to mitigate this unique form of risk, damage and data loss.

Detecting advanced attacks early means insider threats can be spotted and stopped in their tracks at speed.

Making The Most Of Automated Security Solutions

While a core benefit of UEBA is its ability to mitigate the potential threat of internal actors going rogue, it also brings several other benefits to the table. 

Security analysts today find themselves working in stressful environments. They are tasked with trawling through large amounts of data and evaluating an increasing number of alerts to determine if there are signs of a security incident, and it has become a never-ending task. But UEBA can offer some respite here by relieving some of the stresses faced by beleaguered security teams.

  • First, it can be used to detect security incidents that are impossible to identify without machine learning. The peer grouping and baselines it provides make it easy to identify abnormal behaviour. Because it sets risk scores for all abnormal behaviour, it also reduces the time required to respond to the most critical incidents and allows security analysts to prioritise alerts more easily.
  • Additionally, UEBA can save time by reducing false positives in the SOC. It consistently reviews the typical behaviours of each and every user in order to identify common patterns. If it’s common for someone in the finance team to upload a lot of data in a set period, for example, then UEBA will learn this and won’t create an alert. 
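The baselining, context and risk scoring described above, applied to the finance-team upload case, as an added example that is not from the article or any vendor's product. It stands in a simple z-score for the machine-learning model; the user names, sample volumes, weight and threshold are constructed assumptions.

```python
from statistics import mean, pstdev

# Constructed sample data: daily upload volume (MB) per user over a baseline window.
# Names, groups, weights and thresholds are assumptions for illustration only.
BASELINE = {
    "ana":  {"group": "finance",     "privileged": False, "mb": [900, 1100, 950, 1050, 1000]},
    "ben":  {"group": "finance",     "privileged": False, "mb": [800, 1200, 1000, 1000, 1000]},
    "cara": {"group": "engineering", "privileged": False, "mb": [40, 60, 50, 50, 50]},
    "dev":  {"group": "engineering", "privileged": True,  "mb": [45, 55, 50, 50, 50]},
}
ALERT_THRESHOLD = 30.0   # risk score (0-100) at which an alert is raised
PRIVILEGE_WEIGHT = 1.5   # environmental context: privileged users carry more risk


def deviation(value, samples):
    """Standard deviations above the baseline mean (0 if at or below it)."""
    mu = mean(samples)
    sigma = max(pstdev(samples), 0.1 * mu)  # floor stops flat baselines inflating scores
    return max(0.0, (value - mu) / sigma)


def score_upload(user, mb):
    """Score one day's upload against the user's own and the peer group's baseline."""
    profile = BASELINE[user]
    peers = [v for p in BASELINE.values()
             if p["group"] == profile["group"] for v in p["mb"]]
    user_dev = deviation(mb, profile["mb"])
    peer_dev = deviation(mb, peers)
    risk = 10 * (user_dev + peer_dev) / 2
    if profile["privileged"]:
        risk *= PRIVILEGE_WEIGHT
    risk = round(min(100.0, risk), 1)
    return {
        "user": user,
        "risk": risk,
        "alert": risk >= ALERT_THRESHOLD,
        # Context attached to the alert for the analyst
        "privileged": profile["privileged"],      # environmental context
        "seen_before": mb <= max(profile["mb"]),  # situational: has this happened before?
        "normal_for_peers": peer_dev < 2.0,       # situational: is this normal?
    }


if __name__ == "__main__":
    for user, mb in [("ana", 1080), ("cara", 1080), ("cara", 75), ("dev", 75)]:
        print(score_upload(user, mb))
```

The same 1,080 MB upload scores low for a finance user whose baseline already contains it and saturates the score for an engineering user, while an identical deviation ranks higher when the account is privileged.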

It’s also worth noting that certain UEBA tools can be used to secure business-critical systems like SAP. At present, many organisations lack visibility into these systems, with no way of detecting or investigating what has happened following an attack. With the right technologies, however, business-critical systems can be continuously monitored for threats such as IP theft, fraud and access violations, enabling security teams to detect and respond to malicious insiders.

Now, more than ever, analysts are expressing a desire for such capabilities. Indeed, research shows that 71% of analysts say introducing automation to the analyst workflow would help reduce analyst stress, while 63% state that implementing advanced analytics/machine learning would help. 

The demands for automated and intelligent solutions are there. And with insider threats only likely to worsen as the recession progresses, it is vital for organisations to take more proactive measures to prevent breaches instigated by internal actors sooner rather than later. 

Tim Wallen is Regional Director UKI & BeNeLux at Logpoint
