How Do You Successfully Detect, Investigate and Prove an Internal Threat? 
Risk mitigation of internal/insider threats can be achieved. 
Internal threat management, although once avoided because it was seen as snooping or too Big Brother, is becoming a recognised strategy in cyber security. General analysis in prevention can fall into four categories: description, diagnosis, prediction and prescription. Answering the first two gives us the ‘what’ and the ‘why’. With the third element we can project the most likely targets for theft or alteration and how that will happen. That leaves the final analysis: how to go about preventing actual attacks.

Of the insiders who perpetrate such acts, around 80% can be caught by applying simple behavioural monitoring rules and understanding the pressures they face in everyday life. The remaining 20% can be diagnosed using anomaly detection tools that show how they veer from normal routines and authorised use of networks and systems.
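The two layers described above, a simple rule and a per-user baseline check, as an added sketch that is not from the original page or any product it describes. The event format, the entitlement map, the threshold and all sample data are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample events: (user, day, system, megabytes transferred).
EVENTS = (
    [("alice", d, "crm", mb) for d, mb in zip(range(1, 6), (10, 12, 11, 9, 13))]
    + [("bob", d, "crm", mb) for d, mb in zip(range(1, 6), (20, 22, 19, 21, 18))]
    + [("alice", 6, "crm", 250),   # authorised system, abnormal volume
       ("bob", 6, "crm", 20),
       ("bob", 6, "finance", 2)]   # normal volume, unauthorised system
)
AUTHORISED = {"alice": {"crm"}, "bob": {"crm"}}  # assumed entitlement map
BASELINE_DAYS = set(range(1, 6))                  # days used to learn "normal"

def rule_hits(events, authorised):
    """Simple rule: any access to a system outside the user's entitlements."""
    return [e for e in events if e[2] not in authorised.get(e[0], set())]

def volume_anomalies(events, baseline_days, threshold=3.0, min_days=3):
    """Flag user-days whose total volume deviates from that user's own baseline
    by more than `threshold` standard deviations."""
    daily = defaultdict(lambda: defaultdict(float))
    for user, day, _system, mb in events:
        daily[user][day] += mb
    flagged = []
    for user, days in daily.items():
        base = [v for d, v in days.items() if d in baseline_days]
        if len(base) < min_days:
            continue  # too little history to call anything abnormal
        mu = mean(base)
        sigma = max(pstdev(base), 1.0)  # floor so a flat baseline cannot divide by ~0
        for day, total in days.items():
            z = (total - mu) / sigma
            if day not in baseline_days and abs(z) > threshold:
                flagged.append((user, day, round(z, 1)))
    return sorted(flagged)

if __name__ == "__main__":
    print("rule hits:", rule_hits(EVENTS, AUTHORISED))
    print("anomalies:", volume_anomalies(EVENTS, BASELINE_DAYS))
```

On this sample each layer catches what the other misses: the rule flags the unauthorised access that is unremarkable by volume, and the baseline check flags the authorised access that is far outside the user's routine.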

Insider threats take three main forms: a pawn, a collaborator and a lone wolf. A pawn is highly likely to be unaware of being involved, having fallen prey to spear phishing that compromised their machine. The 2009 incident with Coca-Cola is a good example of this. A collaborator knowingly works with outsiders to breach the network and data. By definition a lone wolf works alone and, as in the Snowden case, low-level yet broad privileges can allow widespread access.
