Why Behavioral Analytics Tools Are Essential in Today’s Threat Environment

The rise of remote work and the extended enterprise has forced us to change the way we think about IT security. In the past, most security investments focused on preventing external threat actors from infiltrating the network at the perimeter. However, many experts agree that insider threats are a significant security risk.

Insider threats are typically associated with malicious users. For example, an exiting employee might use their network credentials to access data and hand it over to a competitor or new employer. Or a disgruntled employee might deliberately sabotage IT systems to cause business disruption.

But malicious insider threats account for just 25 percent of insider threat incidents, according to the Ponemon Institute’s Cost of Insider Risks Global Report 2023. Most insider threats (55 percent) are caused by users who inadvertently compromise IT systems, such as by falling for a phishing scam. Credential theft accounts for 20 percent of insider threat incidents.

Costs and Risks

The common thread among these incidents is that people use legitimate credentials to access systems and resources inside the network. That’s why insider threats are particularly dangerous and costly to remediate. Malicious activity is difficult to distinguish from harmless activity when it comes from inside. As a result, a breach caused by an insider threat can go undetected for years. The longer it takes to find the problem, the more damage can be done and the more expensive it is to fix.

The Ponemon study found that 71 percent of organizations suffer more than 21 insider threat incidents per year, with some experiencing more than 40 incidents. Malicious insiders accounted for 6.2 incidents on average at a cost of $701,500 per incident. Credential theft costs $679,621 per incident on average. Organizations spend $7.2 million annually on average to remediate negligent insider incidents.

How Behavior Analytics Works

Behavioral analytics tools play a vital role in detecting insider threats. These tools examine system and user behavior and establish a baseline of normal activity. They then analyze behavior continuously to detect deviations that could signal a problem.

For example, if a hacker uses stolen credentials to log in to the network from China, and the account's legitimate user is based in New York, behavioral analytics will flag the behavior as a risk. Behavioral analytics tools also look for things like activity from terminated or dormant users or logins from suspicious IP addresses. Unusual data downloads can also be a red flag: while it might be normal for a user to download a few project files, downloading everything related to a project would be highly suspect.

Alerts are then displayed on a management dashboard so that administrators can investigate. Some behavioral analytics solutions automatically respond to certain types of activity to mitigate risk.
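
The baseline-and-deviation logic described above, as an added example in Python (not code from the article or from any product). The event fields, sample history, terminated-account list and z-score threshold are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample history (not from the article): (user, country, files_downloaded)
HISTORY = [
    ("alice", "US", 3), ("alice", "US", 5), ("alice", "US", 4), ("alice", "US", 6),
    ("bob", "US", 10), ("bob", "CA", 12), ("bob", "US", 9), ("bob", "US", 11),
]
TERMINATED = frozenset({"carol"})  # constructed list of disabled accounts


def build_baseline(history):
    """Per-user baseline: countries seen, plus mean and stddev of download volume."""
    countries, volumes = defaultdict(set), defaultdict(list)
    for user, country, files in history:
        countries[user].add(country)
        volumes[user].append(files)
    return {
        user: {
            "countries": countries[user],
            "mean": mean(volumes[user]),
            "std": pstdev(volumes[user]),
        }
        for user in volumes
    }


def score_event(baseline, event, terminated=TERMINATED, z_threshold=3.0):
    """Return the reasons an event deviates from the user's baseline (empty if none)."""
    user, country, files = event
    reasons = []
    if user in terminated:
        reasons.append("terminated_account")
    profile = baseline.get(user)
    if profile is None:
        # No history to compare against: surface it rather than silently pass.
        reasons.append("no_baseline")
        return reasons
    if country not in profile["countries"]:
        reasons.append("new_location")
    # Floor the deviation so a perfectly flat history cannot divide by zero.
    std = max(profile["std"], 1.0)
    if (files - profile["mean"]) / std > z_threshold:
        reasons.append("unusual_download_volume")
    return reasons


BASELINE = build_baseline(HISTORY)
```

Each returned reason corresponds to one alert an administrator would see on the dashboard; an empty list means the event matched the user's learned behavior.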

Using Behavioral Analytics

Behavioral analytics tools should be able to monitor users, devices and applications whether in or out of the office. When suspicious user activity is detected, granular policy controls can be applied, such as activating multifactor authentication, blocking suspicious applications or quarantining users.

Best-in-class tools use machine learning and artificial intelligence (AI) to detect unusual activity related to network, application and data usage in real time. Over time, as machine learning and AI algorithms learn user behaviors and usage patterns, they become even better at identifying abnormal activity.

Behavioral analytics tools can help IT teams detect insider threats faster, reducing the cost of mitigating an attack. These tools can also be used to analyze other types of behavior, such as how devices, applications and cloud platforms communicate with one another.

Organizations need to recognize that perimeter security is not enough. Behavioral analytics can intelligently protect your network from insider threats, accelerate detection and dramatically reduce risk. Contact the security experts at Verteks to discuss integrating these tools into your environment.

