In an ideal world, every employer would implicitly trust their employees. Once someone is inside the door, it only feels right to assume they have the best intentions. Most of the time this is completely true, yet sadly, in a world of easy-to-copy digital documents, the temptation for data theft is higher than ever before.

Research from 2021 shows that over a fifth of all cyber security incidents today are related to insider threats. Not all these breaches are malicious (in fact the majority are caused by negligent behaviour or staff whose credentials have been stolen), but whatever the reason, the impacts are significant.

In response, a growing number of businesses are deploying User Behaviour Analytics (UBA) to help tackle this issue. So, what exactly is User Behaviour Analytics, and how can it help defend against insider threats?


Insider threats: a unique challenge

Unlike phishing, DDoS or more traditional hacking, insider threats pose a unique challenge for IT departments. In the traditional cybersecurity model, once someone is inside your walls they can effectively move around as they please, which means staff can potentially be very dangerous. While you may have a permissions-based information management policy, there is still a lot that insiders can do, intentionally or inadvertently, to share company secrets.

The traditional approach to tackling insider threats has a number of drawbacks:

  • Rigid permissions: Administrators (who have the right to do almost anything they want in your environment) apply permissions to a particular user’s account in Active Directory. This stops the user seeing things they shouldn’t, but can be very inconvenient. If an employee wants to view one particular file in a folder they don’t have permissions for, they need to request access, which slows them down unnecessarily.
  • Focus on hardware: To deal with the insider threat issue, firms often impose rules around hardware. For example, it’s common to prevent people from using USB sticks or DVDs with the desktop computers at the office. However, in a world where people are working remotely and connecting to IT systems from more devices, rules that attach identity to a particular PC feel antiquated.
  • More complex IT environment: Companies are using far more apps and tools (often based in the cloud) than ever before. Manually ensuring that you are consistently applying the same access rules across these different environments becomes very challenging.


How User Behaviour Analytics tries to tackle the issue

UBA is a kind of security technology powered by machine learning. The technology is deployed to your IT environment, where it analyses historical user behaviour to understand how people at your company work, what apps they use, what documents they work on, and which file servers they enter.

Once it has analysed how people behave on your company’s IT systems, it then monitors for any anomalous behaviour. If an employee (or indeed a device) appears to be trying to access information or download content in a way that they usually don’t, the software alerts your IT department.

UBA is designed to avoid sending out endless ‘false positive’ alerts. It ranks unusual behaviour based on potential impact. So, someone opening a new app they’ve never used before probably won’t trigger an alert. But someone downloading your trade secrets to a USB will set alarm bells ringing.

User Behaviour Analytics can check for a wide variety of activity, including things like:

  • Access to privileged assets
  • Unusual login duration, location or time of day
  • Impossible behaviours (such as logging in from locations far apart in a short period of time)
  • Unexpected changes in login credentials
  • Attempts to download, print, or email sensitive data
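
To make the idea concrete, here is a small added example (not code from this article or from any UBA product) of baseline learning, impact-ranked scoring and an impossible-travel check. It swaps machine learning for a simple set of previously seen (action, target) pairs, and the event fields, weights, threshold and speed limit are all assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

@dataclass
class Event:
    user: str
    when: datetime
    action: str            # login | open_app | download | usb_copy
    target: str
    where: tuple           # (lat, lon) in degrees
    sensitive: bool = False

IMPACT = {"open_app": 1, "login": 2, "download": 5, "usb_copy": 8}  # assumed weights
MAX_KMH = 900  # assumed limit: faster than an airliner means impossible travel

def km_between(a, b):  # haversine distance in km between two (lat, lon) pairs
    la1, lo1, la2, lo2 = map(radians, (*a, *b))
    h = sin((la2 - la1) / 2) ** 2 + cos(la1) * cos(la2) * sin((lo2 - lo1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(h))

def score(event, seen, previous=None):
    """Score one event against the user's baseline of (action, target) pairs."""
    hits = []  # (points, reason) pairs
    if (event.action, event.target) not in seen:
        hits.append((IMPACT.get(event.action, 1), "new " + event.action))
    if event.sensitive and event.action in ("download", "usb_copy"):
        hits.append((5, "sensitive data leaving"))
    if previous is not None:
        hours = (event.when - previous.when).total_seconds() / 3600
        if hours > 0 and km_between(previous.where, event.where) / hours > MAX_KMH:
            hits.append((10, "impossible travel"))
    return sum(p for p, _ in hits), [r for _, r in hits]

def alerts(history, stream, threshold=8):  # learn baselines, then flag events
    seen, last, out = {}, {}, []
    for e in history:
        seen.setdefault(e.user, set()).add((e.action, e.target))
        last[e.user] = e
    for e in stream:
        s, why = score(e, seen.get(e.user, set()), last.get(e.user))
        last[e.user] = e
        if s >= threshold:
            out.append((e.user, e.action, s, why))
    return out

# Constructed sample data (not from the article): baseline, then new activity.
T0 = datetime(2024, 1, 8, 9, 0)
HISTORY = [Event("director", T0, "login", "vpn", (51.5, -0.1))]
STREAM = [Event("director", T0.replace(hour=10), "usb_copy", "strategy", (51.5, -0.1), True)]
```

Calling `alerts(HISTORY, STREAM)` flags the USB copy of sensitive material, while a first-time `open_app` event scores only 1 and stays below the threshold.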

Example: Imagine a director at a business has been accused of bad behaviour and is going to be sacked. Feeling embittered against the company, the director decides to try and download lots of secret documents, hoping to share them with competitors as a means of ‘getting back’ at his former employer.

However, if your company has a User Behaviour Analytics tool, the software would instantly alert your IT department to this unusual download of a large stash of sensitive documents. The director could be stopped before trying to get away with the theft.


Where to start with User Behaviour Analytics

At FITTS, our security consultants help a wide range of public and private sector organisations to use the most advanced security technology – including User Behaviour Analytics. We see UBA as an incredibly powerful tool that can help prevent a significant amount of theft. But, before deploying the technology, the first step is to understand the importance of identity in modern enterprise security.
By developing a clearer view of your users’ identities, you can then begin applying machine learning tools such as UBA to spot unusual behaviour and clamp down on insider threats.

Contact us today to learn more about User Behaviour Analytics. Or, to learn more about the importance of identity, view our webinar: Identity as the new security.