8 Ways To Spot an Insider Threat

The good news is most insider threats derive from negligence, not malicious intent. The bad news is the frequency of negligence is already ahead of where it was in 2018.

When the challenge of battling insider threats arises, it's tempting to dismiss the process as little more than identifying the rogue employee(s), along with reviewing and refining permissions, controls, and authorizations to prevent recurrence. Depending on the industry, some public apologies may need to be made and some regulatory fines may need to be paid.


The good news and the bad news with insider threats? The good news is most insider threats derive from negligence, not malicious intent, according to Katie Burnell, global insider threat specialist at security vendor Dtex Systems. The bad news is the frequency of negligence is already ahead of where it was in 2018, she adds.


Compounding the problem is the fact there are more networks, more devices, and, of course, more data to monitor and secure. End-user organizations understand they can't do — or secure — it all. One popular approach has been to prioritize the monitoring of those users with the highest privileges, adding in other users as time and resources permit.


Our list of insider threats identifies the "who," but what about the "how" of detection? Log files and SIEM data may offer some forensic footprints to see who accessed which servers, databases, and individual files. But the volumes of monitoring data are too great to do this for all users, security experts agree. This has opened the door to user behavior analytics (UBA), which flags anomalous behavior by user. Some security vendors ..
