Critical Insight

Threat intelligence protects critical assets, advanced technologies and classified information from those that seek to compromise national security or coerce economic advantage.

Threat behaviours are preceded by precursors that can be identified, risk profiled and mitigated.

As the insider progresses from a loyal employee to an insider threat the individual exhibits discreet and deteriorating behaviours in the weeks or months before they act. These behaviours can often be correlated with organisational and societal violations.

Artificial Intelligence can interpret and correlate behavioural changes against operational risk factors from multi-source organisational and cyber-based data sets for the security analyst to consider. But it must be part of an integrated risk correlated toolset so that cost versus risk reducing impact can be measured and resources prioritised.

Most Insider Threat technologies look for abnormal network behaviours as an indicator of ill intent. When these systems trigger they automatically illicit suspicion.

One abnormal network behaviour (access times, log in errors, exfiltration etc) is a very poor indicator of intent. In over 98% of cases suspected initial threat events prove to be accidental breaches without malicious intent.

Further accidental breaches and the subsequent allegations of malicious intent can represent a significantly larger source of risk that the insider attack itself given the overwhelming number of unintentional vs malicious breaches.

Employees, fundamentally want to do the right thing.

They often use shortcuts that trigger rules libraries that draw attention to efforts to streamline difficult work practices.

So when Critical Insight was designed we knew it needed a new lens, one that enabled the organisation to address early warning threat indicators as opportunities for education and de-escalation within a strict framework of employee respect and privacy.

With this focus employees happily identify how lapses had occurred and used this as a positive experience to re-engineer CI to enhance work efficiencies leaving employees with positive experience.

Significant advances in Artificial Intelligence (Machine Learning, Deep Neural Networks, Sentiment Analysis etc) can interpret these behaviours and provide the backbone of future solutions.

Initiatives focused on resolving insider threat events based upon access control, surveillance and layered hardware security have been ineffective given no forewarning was possible.

Trusted humans cause insider threats and Artificial Intelligence provides the capacity to leverage behaviour based models to interpret and recognise insider threat behaviours as incident precursors, thereby providing significant insights to prevent the threat.