How Security Awareness Training and UEBA Can Help Address the Insider Threat Challenge

In May last year, Qian Sang, a research scientist at Yahoo, received a job offer from The Trade Desk, one of Yahoo’s key competitors. Presumably hoping to score major brownie points with his new employer, he immediately downloaded approximately 570,000 pages of proprietary information about Yahoo’s AdLearn product to a personal device. A few weeks later, Yahoo discovered the theft and sent Sang a cease-and-desist letter, charging him with violation of the Virginia Uniform Trade Secrets Act, breach of his fiduciary duty, and theft of intellectual property.

If there’s a lesson we can learn from this story, it’s this: insider threats are indiscriminate. If it can happen to Yahoo, it can happen to you or anyone. But what could Yahoo have done to prevent this attack? And what can you do to avoid it happening to your organization?

By combining user and entity behavior analytics (UEBA) solutions and security awareness training, organizations can proactively detect and respond to potential insider threats, significantly reducing the risk of a data leak.  

What is an Insider Threat?  

An insider threat is a cybersecurity incident that involves someone inside the targeted organization. Insider threats could be current and former employees, business partners, or anyone with access to sensitive company information. There are three main types of insider threats:  

  • Malicious insiders intentionally abuse their position inside an organization for personal gain. 
  • Accidental insiders unwittingly expose private information or systems to an outside threat.  
  • Moles masquerade as legitimate employees to gain access to private information or systems. Unlike malicious insiders, they join an organization for the sole purpose of becoming an insider threat.  

What is User and Entity Behavior Analytics (UEBA)?  

UEBA is a cybersecurity tool that leverages algorithms and machine learning (ML) to identify and flag behavioral abnormalities, typically to prevent insider threats. It monitors user behavior, flagging, for example, if an employee attempts to access information outside of their remit, and machine behavior, alerting security teams, for instance, if a server receives many more requests than is typical.

What is Security Awareness Training?  

Security awareness training involves educating employees or other personnel on protecting their organization from cybercrime. While traditional security awareness training programs have merely taught employees how to identify and avoid social engineering scams such as phishing emails, many contemporary programs have expanded their scope to include information regarding cybersecurity policies, explanations of an organization’s security infrastructure, and regulatory standards.

How can User and Entity Behavior Analytics (UEBA) Prevent Insider Threats?  

UEBA solutions are a little more complicated. In short, UEBA leverages algorithms and ML technologies to identify behavioral anomalies that could indicate a potential insider threat. However, it’s worth delving deeper into how it works.

First, by analyzing historical data, UEBA solutions establish a baseline of regular user and entity behavior. From there, they continuously monitor for deviations from that baseline; for example, unusual login times, data access patterns, or abnormal file transfers. If the deviation is significant enough, the UEBA solution flags it to the security team for further investigation.

UEBA solutions also consider contextual factors when analyzing user and entity behavior. For example, they consider user roles, departments, access privileges, and standard behavioral patterns to differentiate between legitimate and suspicious activities, thus limiting false positives. The best UEBA solutions can differentiate between employees exfiltrating sensitive company data and personal data, thereby further eliminating the risk of false positives.  

Similarly, UEBA solutions create user and entity profiles based on their behavior patterns, access rights, and historical data to identify potential threats better. User profiling also aids security teams in assigning users risk scores, which informs and helps prioritize monitoring efforts.  
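The baseline, context, and risk-score steps described above can be sketched in a few lines. This is an added example, not code from any UEBA product: the users, roles, download volumes, thresholds, and score weights are all constructed assumptions.

```python
from statistics import median

# Constructed history: MB downloaded per day over the baseline window, per user.
HISTORY = {
    "alice": {"role": "research", "daily_mb": [120, 95, 140, 110, 130, 105, 125]},
    "bob": {"role": "research", "daily_mb": [90, 100, 85, 115, 95, 110, 105]},
    "carol": {"role": "backup-admin",
              "daily_mb": [9000, 9500, 8700, 9200, 9100, 8800, 9400]},
}

def robust_z(value, samples):
    """Deviation from the median in MAD units; one past spike cannot skew it."""
    med = median(samples)
    mad = median(abs(s - med) for s in samples) or 1.0  # guard flat baselines
    return 0.6745 * (value - med) / mad

def risk_score(user, mb_today, hour, history=HISTORY):
    """Return (score, reasons). Weights and the 3.5 cut-off are assumptions."""
    profile = history[user]
    # Context: pool the history of other users who share this user's role.
    peers = [mb for name, p in history.items()
             if p["role"] == profile["role"] and name != user
             for mb in p["daily_mb"]]
    score, reasons = 0, []
    z_self = robust_z(mb_today, profile["daily_mb"])
    if z_self > 3.5:
        score += 50
        reasons.append(f"volume {z_self:.1f} MADs above own baseline")
    if peers and robust_z(mb_today, peers) > 3.5:
        score += 30
        reasons.append("volume abnormal for role peer group")
    if hour < 7 or hour >= 20:
        score += 20
        reasons.append("activity outside 07:00-20:00")
    return score, reasons

def triage(events, alert_at=70):
    """Rank (user, mb, hour) events by risk; keep those at or above alert_at."""
    scored = [(risk_score(user, mb, hour)[0], user) for user, mb, hour in events]
    return [user for score, user in sorted(scored, reverse=True) if score >= alert_at]
```

With this data, a researcher pulling 5,000 MB at 23:00 scores 100 and is escalated, while the backup administrator moving 9,300 MB at 02:00 scores only 20, because that volume matches her own baseline.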

While worthwhile as a standalone tool, UEBA solutions are most effective when combined with other security systems, such as data loss prevention (DLP), identity and access management, and security information and event management (SIEM) tools. The best UEBA solutions can integrate with these tools, enhancing an organization’s security posture by correlating data from multiple sources and providing a more holistic view of potential threats.

How can Security Awareness Training Prevent Insider Threats?  

Training your employees to identify possible social engineering scams or insider threats is one of the best ways to protect and secure your organization from such threats. Through consistent, role-specific security awareness training, organizations dramatically decrease the risk of insider threats, as staff are less likely to become accidental insiders and are more likely to spot intentional insiders. Quality security awareness training is so effective that research from the Ponemon Institute found that organizations that provide their employees with regular security awareness training experienced a 64% reduction in cyber-attack frequency.

It’s worth noting that security awareness training is essential for organizations that choose to implement UEBA solutions. UEBA is, by its nature, invasive, and employees could perceive it as an intrusion on their privacy. Security awareness training that explains why UEBA is necessary and how organizations protect employee privacy is crucial to preventing discontent.

Therefore, it is clear that security awareness training and UEBA solutions are both very important to protecting any organization from insider threats. Security awareness training educates employees on identifying and avoiding potential insider threats. At the same time, UEBA solutions analyze corporate data to identify and flag behavioral anomalies that could indicate a potential insider threat.

About Author:

Josh is a Content writer at Bora. He graduated with a degree in Journalism in 2021 and has a background in cybersecurity PR. He's written on a wide range of topics, from AI to Zero Trust, and is particularly interested in the impacts of cybersecurity on the wider economy. 
