Will The Insider Threat Intensify During The Recession?

Uploaded on 2023-01-26 in NEWS-Cybersecurity News, FREE TO VIEW

In the face of what could be a prolonged economic recession, organisations are gearing up to navigate an exceptionally unique business environment. Covid-19 has heralded a new era whereby the democratised workforce sees employees become increasingly comfortable expressing both their satisfaction and their grievances.

For businesses, this presents a difficult dynamic. With inflation at a 20-year high and economic conditions looking like they may very well worsen, employers are set to come under pressure from their staff demanding wage increases as they too look to navigate the cost-of-living crisis. 

While many of those that aren’t satisfied will simply opt to vote with their feet and move on in search of higher salaries, there is the very real threat that others in less fortunate situations may go rogue. Indeed, there’s already evidence that employees are exfiltrating data when they are made redundant, or even accepting payments from hacker groups in return for planting malware. And Verizon’s 2022 Data Breach Investigations Report found 20% of global data breaches were caused by internal actors last year. 

There’s now every chance that this very real threat may grow with economic hardships likely to create growing factions of disgruntled employees. And that means organisations must prepare for and build on the measures they have in place, particularly as the ramifications of these attacks can be costly. According to the 2022 Ponemon Cost of Insider Threats Global Report, organisations spent a whopping $15.38 million on average dealing with insider threats in 2021.

How UEBA Can Help

Fortunately, solutions capable of assisting firms in proactively combatting insider threats are available today. 
User and Entity Behaviour Analytics (UEBA) stands as a prime example. It taps into machine learning technologies to enhance the investigation of unusual patterns in user behaviour while reducing the time spent on threat hunting. UEBA monitors employee activity and assimilates it into a behaviour-based risk model to build a baseline of normal user and group behaviour. 

Typically, this is determined by two forms of context

  • Environmental Context, which includes details such as whether a user was an IT admin or highly privileged user, or if they own the asset in question.
  • Situational context, used to answer critical questions like “has this happened before?” and “is this normal?”. 

Anything out of the ordinary immediately triggers an alert which is supplemented with this important environmental and situational information to help teams more effectively investigate incidents. Resultantly, UEBA is able to empower organisations to mitigate this unique form of risk, damage and data loss.

By detecting advanced attacks early, insider threats can be spotted and stopped in their tracks at speed. 

Making The Most Of Automated Security Solutions

While a core benefit of UEBA is its ability to mitigate the potential threat of internal actors going rogue, it also brings several other benefits to the table. 

Security analysts today have found themselves working in stressful environments. Tasked with trawling through large amounts of data and evaluating an increasing number of alerts to determine if there are signs of a security incident, it’s become a never-ending task. But UEBA can offer some respite and help here by relieving some of the stresses faced by beleaguered security teams.

  • First, it can be used to detect security incidents that are otherwise impossible to identify without machine learning. The peer grouping and baselines it provides make it easy to identify abnormal behaviour, and in turn reduce the time required to respond to the most critical incidents thanks to its ability to set risk scores for all abnormal behaviour. This allows security analysts to prioritise alerts more easily. 
  • Additionally, UEBA can save time by reducing false positives in the SOC. It consistently reviews the typical behaviours of each and every user in order to identify common patterns. If it’s common for someone in the finance team to upload a lot of data in a set period, for example, then UEBA will learn this and won’t create an alert. 

It’s also worth noting that certain UEBA tools can be used to secure business critical systems like SAP. At present, many organisations lack visibility in these systems, with no way of detecting or investigating what has happened following an attack. With the right technologies, however, business-critical systems can be continuously monitored for threats such as IP theft, fraud and access violations, enabling security teams to act on threats and detect and respond to malicious insiders. 

Now, more than ever, analysts are expressing a desire for such capabilities. Indeed, research shows that 71% of analysts say introducing automation to the analyst workflow would help reduce analyst stress, while 63% state that implementing advanced analytics/machine learning would help. 

The demands for automated and intelligent solutions are there. And with insider threats only likely to worsen as the recession progresses, it is vital for organisations to take more proactive measures to prevent breaches instigated by internal actors sooner rather than later. 

Tim Wallen is Regional Director UKI & BeNeLux at Logpoint

You Might Also Read:

No Slack In The System:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« NCSC Alert: British Journalists & Politicians Are Hacking Targets
Ukraine’s Security Agency Says Russian Cyber Attacks Are Increasing »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Apcon

Apcon

Apcon's mission is to provide valuable network insights that enable security and network professionals to monitor, secure and protect their data in both physical and virtual environments.

Praetorian

Praetorian

Praetorian is an offensive cybersecurity company whose mission is to prevent breaches before they occur.

Agari

Agari

Agari is the Trusted Email Identity Company™, protecting brands and people from devastating phishing and socially-engineered attacks.

Lacework

Lacework

Lacework brings speed, scale, and automation to cloud security and allows security and DevOps teams to collaborate on keeping data and applications safe.

Bechtel

Bechtel

Bechtel’s Industrial Control Systems Cyber Security Laboratory focuses on protecting large-scale industrial and infrastructure systems that support critical infrastructure.

Cyber Security Challenge UK

Cyber Security Challenge UK

Cyber Security Challenge UK is a series of national competitions, learning programmes, and networking initiatives designed to identify, inspire and enable more people to become cybersec professionals.

CybernetIQ

CybernetIQ

CLAW by CybernetIQ is the industry's most advanced SOAR platform helping unify all cybersecurity tools under one umbrella and providing organizations faster, better and more accurate cybersecurity.

BCyber

BCyber

BCyber is a Swiss Cyber Security company that provides security products, training, and managed services to protect diverse IT and OT environments against cyber, physical, and cyber-physical threats.

Digital Security by Design (DSbD)

Digital Security by Design (DSbD)

Digital Security by Design is an initiative supported by the UK government to transform digital technology and create a more resilient, and secure foundation for a safer future.

Descope

Descope

Descope is a service that helps every developer build secure, frictionless authentication and user journeys for any application.

Zama

Zama

Zama - pioneering homomorphic encryption. We believe people shouldn't care about privacy. Not because it doesn't matter, but because it shouldn't be an issue!

CyBourn

CyBourn

Cybourn's diverse offerings include engineering, analysis, product development, assessment, and advisory services in the cybersecurity space.

Cyviation

Cyviation

Cyviation's mission is to mitigate ever-growing and menacing Cyber Security threats, focusing on aircraft, airlines and airports.

Paramount Defenses

Paramount Defenses

Paramount Defenses have unrivaled capability in two of the most critical areas in cyber security today – Active Directory Security and Privileged Access.

Protega

Protega

Protega is a company specialized in Managed Cybersecurity Services (MSS) & SOC 24×7; management, risk & compliance (GRC); implementation of data protection technologies; and Red Team services.

Maltiverse

Maltiverse

Maltiverse is a threat intelligence platform that provides security teams with high-fidelity threat data and malicious IOCs to enhance detection and response.