Manning, Snowden, Wikileaks… Recent headlines have made the dangers of insider threats for federal agencies even more of a flashing red light than before. The risk of intentional data breaches is a critical problem, but certainly not the only one. The latest report from the Ponemon Institute, the 2013 Cost of Cyber Crime Study: United States, found that more than one third of all data security breaches at government agencies are caused accidentally by internal employees. Intentional or not, both are problematic.
Human error as insider threat
A study by the Privacy Rights Clearinghouse noted not long ago that government agencies have experienced a steady rise in data breaches caused by employees over the last four years. In addition, employee negligence caused over 150 breaches and the loss of more than 92.5 million records since January 2009.

Information-security and data-privacy policies and processes are a major focus inside government agencies, yet these facts seem to indicate that greater rigor and additional employee training on information-governance and data-privacy best practices are in order for most large organizations, whether government agencies or corporations.
Human psychology as attack vector
Most government agencies are truly excellent at understanding the psychology of disgruntled workers, including those who are seeking financial gain, and at anticipating potential actions and reactions. They may watch to see whether someone who received an official reprimand, through his or her manager or Human Resources, begins acting differently. They notice when someone else was promoted above him or when he begins visiting the websites of organizations competitive with or antagonistic to his own. These agencies know that, say, a software developer won’t normally display this behavior, and will usually stay tightly focused on his or her own project-related sphere of reference.
They are aware that it’s worth noting when someone with a mid-level income has a different car, having gone from driving a Mercedes to driving a Yugo, or brags about the reverse. This person may suddenly have purchased a much larger boat or a house out of his or her income range. Yet these organizations have many staffers to manage and there are always more critical tasks than hours in a day, which puts monitoring of anomalous digital behavior across an agency's thousands of endpoints beyond the reach of most information security teams.
Proactive threat intelligence
The answer to this is, of course, automation of key aspects of threat monitoring. EnCase® Analytics does this by aggregating the massive amounts of data on processes and files that are constantly roiling on endpoints such as servers and workstations. Once EnCase Analytics has aggregated and analyzed that information, it can show you, in a visual dashboard, the anomalies from the most recent baseline of normal activity across your network. At that point, your security analysts can make judgment calls on what may or may not be occurring given the state of IT and InfoSec processes that day, week, or month. They can decide: is this anomalous behavior? Is it normal for that worker to offload 33,000 documents to a thumb drive? Is it normal to upload files to Dropbox, or to email one single file to a competitor or personal account? Should a certain user account have processes running in several domains across numerous machines?
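The baseline comparison described above can be sketched as follows. This is an added example, not EnCase Analytics code or its algorithm: it assumes a per-user history of daily file counts written to removable media, and the user names, counts, threshold and median/MAD scoring are all constructed for illustration.

```python
from statistics import median

# Constructed sample data: files written to removable media per user per day.
# User names and counts are invented for illustration.
BASELINE = {
    "alice": [12, 8, 15, 10, 9, 14, 11, 13, 10, 12],
    "bob":   [0, 0, 0, 0, 0, 0, 0, 0, 0, 0],
    "carol": [400, 380, 450, 420, 390, 410, 430, 405, 415, 395],
}
TODAY = {"alice": 14, "bob": 3, "carol": 33000, "dave": 25}

def robust_score(history, value, floor=1.0):
    """Distance of value from the baseline median, in MAD-derived units.

    Median/MAD is used instead of mean/stddev so one earlier spike in the
    history does not inflate the baseline. `floor` keeps the scale non-zero
    for users whose history is constant (e.g. all zeros).
    """
    med = median(history)
    mad = median(abs(x - med) for x in history)
    scale = max(1.4826 * mad, floor)
    return (value - med) / scale

def flag_anomalies(baseline, today, threshold=6.0, min_days=7):
    """Return {user: reason} for activity an analyst should review."""
    flagged = {}
    for user, count in sorted(today.items()):
        history = baseline.get(user, [])
        if len(history) < min_days:
            # No usable baseline: surface it rather than silently pass it.
            flagged[user] = "no baseline"
            continue
        score = robust_score(history, count)
        if score > threshold:
            flagged[user] = f"{count} files, score {score:.1f}"
    return flagged

if __name__ == "__main__":
    for user, reason in flag_anomalies(BASELINE, TODAY).items():
        print(f"REVIEW {user}: {reason}")
```

The output is a review queue, not a verdict: a flagged count still needs the analyst's judgment call about what was normal for IT and InfoSec processes that day.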
In the past, the timeline from saying, “Hmmm… that’s funny” to having the actionable intelligence needed could be weeks. With EnCase® Cybersecurity, you can grab a snapshot of the anomaly for analysis, feed that input into EnCase Analytics and send those files out to another directory where your analyst can look at them more closely with EnCase® Forensic or EnCase® Enterprise.
It would be impossible for humans to watch the terabytes of data on endpoints for anomalies. EnCase Analytics does this for your team, allowing your experts to focus on doing more of what they do best: human analysis.