An Insider Threat is a process, not a single event
Threat behaviours are preceded by precursors that can be identified, risk profiled and mitigated.
As the insider progresses from a loyal employee to an insider threat the individual exhibits discreet and deteriorating behaviours in the weeks or months before they act. These behaviours can often be correlated with organisational and societal violations.
Artificial Intelligence can interpret and correlate behavioural changes against operational risk factors from multi-source organisational and cyber-based data sets for the security analyst to consider. But it must be part of an integrated risk correlated toolset so that cost versus risk reducing impact can be measured and resources prioritised.
CI was developed as an early warning behavioural tool
Most Insider Threat technologies look for abnormal network behaviours as an indicator of ill intent. When these systems trigger they automatically illicit suspicion.
One abnormal network behaviour (access times, log in errors, exfiltration etc) is a very poor indicator of intent. In over 98% of cases suspected initial threat events prove to be accidental breaches without malicious intent.
Further accidental breaches and the subsequent allegations of malicious intent can represent a significantly larger source of risk that the insider attack itself given the overwhelming number of unintentional vs malicious breaches.
Address early warning threat indicators
Employees, fundamentally want to do the right thing.
They often use shortcuts that trigger rules libraries that draw attention to efforts to streamline difficult work practices.
So when Critical Insight was designed we knew it needed a new lens, one that enabled the organisation to address early warning threat indicators as opportunities for education and de-escalation within a strict framework of employee respect and privacy.
With this focus employees happily identify how lapses had occurred and used this as a positive experience to re-engineer CI to enhance work efficiencies leaving employees with positive experience.
Interpret and recognise insider threat behaviours
Significant advances in Artificial Intelligence (Machine Learning, Deep Neural Networks, Sentiment Analysis etc) can interpret these behaviours and provide the backbone of future solutions.
Initiatives focused on resolving insider threat events based upon access control, surveillance and layered hardware security have been ineffective given no forewarning was possible.
Trusted humans cause insider threats and Artificial Intelligence provides the capacity to leverage behaviour based models to interpret and recognise insider threat behaviours as incident precursors, thereby providing significant insights to prevent the threat.
Access on the go with our easy to use Critical Insight apps available for both iPhone and Android