Mar 14, 2016
One of the scenarios which caught my attention in the latest data breach digest was Insider Threat where one employee outsourced his own job to a foreign consulting firm for pennies on the dollar while receiving high performance reviews year after year. But as the organization was in critical infrastructure this gets scary really quick. If something similar happens in your organization are you prepared to handle it? Do you have solutions to detect it? If yes, how long do you think it will take to find out that you have a rogue insider?
It’s funny (not really) that someone is able to give their credentials and VPN access to outside entities without getting detected for so long. The motivation for employees to become insider threats tend to be mostly monetary but could also be host of other reasons like disgruntled employee, low performance reviews, payback for any misunderstanding, etc. Typically, these scenarios are accompanied with high privilege misuse.
It took this organization multiple years to detect the anomalous behavior. Part of the reason for large dwell time could be the lack of resources to investigate these cases or inability to pick the needles from a large haystack. This is where solutions leveraging big data machine learning can really make a difference and be the force multiplier. The amount of data that we are looking at is increasing exponentially and throwing headcount at this problem doesn’t scale. User Behavior Analytics (UBA) is able to scale the data science to help tackle this exact problem. UBA also picks up any anomalous behavior even if it is previously unknown to the security team. This will be a blind spot if you depend on rules or query based solution. You can read more about UBA here: http://gurucul.com/solutions/user-behavior-analytics
The data breach digest has some very interesting cyber security scenarios discussed. This report compliments the DBIR which most of us are aware of in the past. There are 18 scenarios discussed based on their prevalence and lethality. The scenarios include social engineering, partner misuse, hacktivist attack, backdoor access, sophisticated malware, partner misuse amongst others. Interesting read for sure, the full report can be found here: http://www.verizonenterprise.com/verizon-insights/data-breach-digest/2016/