Recently, Everfox Director of Enterprise User and Data Protection,
@Mike Crouse (opens a new window), sat down with @Kevin Rosenquist (opens a new window), host of the @SoarPayments (opens a new window) PayPod Podcast to talk about insider risk and cyber security.   

User Behavior Insight

Mike shared the importance of gaining better understanding and insight into employee behavior as a key element toward identifying and reducing risk. He explored how effective insider risk managers aren’t looking for more data to analyze or more point products, but rather they’re looking for indicators of risk at an individual level so they can uncover risk before it becomes a problem. 

Insider risk managers need insight into how employees and those given access are interacting with protected information. Not only from a data movement standpoint, but from a perspective of user behavior that occurs as part of interactions with protected information.   

For example, situations where a contractor or employee attempts to access information that does not appear related to their current job assignment. Do they have malicious intent of exfiltrating proprietary information or are they simply looking for information useful to performing their assignment?   

To answer these types of questions, Mike suggests that it’s critical to have insight into behavior beyond what mere data logs of data movement can provide.

Asking the Right Questions

How can risk managers get more context into the intent behind data access and movement? How can they determine if a user is acting maliciously, accidentally, or with the best of intentions?    

Mike shares that organizations who try to answer these questions using low assurance security measures are not likely to find the right answers.  Security analysts need proven innovations and tools that can identify and score levels of risk posed by user activities. While many cybersecurity products attempt to identify what happened, the more effective solutions can help identify why an event occurred.  Identifying the root cause, user intent, and behavior associated with an event.  

Technology Alone Will Not Mitigate Risk

Mike mentions that mitigating risk isn’t accomplished through technologies that merely collect more data for analysts to sort through.  Instead, he suggests leveraging technology capable of collecting data based on an alignment with company policies. Utilizing this type of technology can narrow and score data for indicators of risk while measuring it against those policies for violations. 

Mike explains that technology alone will not solve insider risk challenges, nor will point products that claim to automatically detect risk.  

Organizations can begin by simply asking themselves where they are in their insider risk management journey.  Do they have the right stakeholders in place to govern risk when it’s detected? Are they needing to reduce ‘mean time to investigate’ toward better case management and forensics to respond to risk before it escalates?   

If they are collecting plenty of user data, but are uncertain what that data is telling them, they could benefit from behavioral analytics solutions for accurate correlations between various types of user data to uncover anomalous and risky behavior.   

Educating the Workforce is Key

Mike also explains that educating your workforce is an extremely important part of reducing insider risk. The right training and awareness can dramatically reduce risk while preserving employee morale and trust.  
 
Listen to Mike’s conversation with Kevin Rosenquist here. (opens a new window)