For true cybersecurity you must know what employees are doing

By Michelle Drolet
2 Mar 2018

A look at some options for keeping tabs on your staff and the possible pros and cons.

Securing your data in the digital age is very challenging, but it has never been more necessary. We just looked at the hair-raising cost of a data breach in 2018 and we know that employees are often the weakest link. In fact, over 90% of all cyber-attacks are successfully executed with information stolen from employees, according to the Identity Management Institute.

The majority of these employees are the innocent victims of phishing attacks, but former, or even current, employees with an axe to grind can also cause enormous damage and typically prove more difficult to root out. There’s no doubt that security awareness training is vital, but it’s not enough on its own.

As many as 47% of all data breaches were caused by hackers or criminal insiders, according to the Ponemon Institute’s 2017 Cost of Data Breach Study, and these breaches were more costly to resolve at an average of $156 per stolen record, compared to an average cost of $128 per record when human error was the cause.

If you really want to secure your company data then you need to know what your employees are doing, and there are many ways of finding out.


Being Big Brother

There are a lot of employee monitoring software options out there, like Teramind, InterGuard and SentryPC, that enable you to watch exactly what your employees are doing in real time. At the shallow end you can use these packages transparently and automatically filter out inappropriate content or limit social media time. At the deep end, you can use them silently to track exactly what websites your employees visit and even record keystrokes for online searches, messaging chats and emails.

You may consider this the nuclear option. It may not be illegal to monitor employees in this way, though some states have put protections in place, but it’s certainly an ethical quandary. It gives your IT department access to a lot of potentially sensitive information.

If you’re considering using software like this, then it’s worth asking, “Who watches the watchmen?” Depending on how you use it, monitoring can also be time consuming, so it’s certainly not the most efficient way to guard against the risk of a data breach.


User behavior analytics

From a security standpoint, what you really want is to be alerted when employees do something suspicious. User behavior analytics (UBA) are a smarter way to sniff out anomalies in users’ actions and flag them for further investigation. Companies like IBM and Varonis have developed advanced UBA tools that can detect unusual activity.

Is an employee trying to access a file they shouldn’t? Maybe they’re downloading something at 3:00am from a location that isn’t their home. Perhaps they’re trying to move laterally between systems. The beauty of UBA is that it highlights malicious insiders and outsiders using stolen credentials equally well, though it may require further investigation to determine which is which.
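A minimal sketch of the baseline-and-deviation idea behind UBA, added here as an illustration; it is not code from IBM, Varonis or the original article. The event fields, user names, hosts, paths and the two-deviation threshold are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events, not real logs: (timestamp, user, location, host, resource)
HISTORY = [
    ("2018-02-26T09:12", "alice", "Boston", "ws-014", "/finance/q1.xlsx"),
    ("2018-02-26T14:40", "alice", "Boston", "ws-014", "/finance/budget.xlsx"),
    ("2018-02-27T17:30", "alice", "Boston", "ws-014", "/hr/handbook.pdf"),
    ("2018-02-26T08:30", "bob", "Worcester", "ws-022", "/eng/design.docx"),
    ("2018-02-27T18:10", "bob", "Worcester", "build-01", "/eng/release.zip"),
]
NEW_EVENTS = [  # constructed events to score against the learned baseline
    ("2018-03-01T03:00", "alice", "Lisbon", "ws-014", "/finance/q1.xlsx"),
    ("2018-03-01T10:00", "alice", "Boston", "ws-014", "/finance/budget.xlsx"),
    ("2018-03-01T09:00", "bob", "Worcester", "ws-014", "/finance/q1.xlsx"),
]

def build_profiles(events):
    """Learn each user's usual hours, locations, hosts and top-level shares."""
    profiles = defaultdict(lambda: defaultdict(set))
    for ts, user, location, host, resource in events:
        p = profiles[user]
        p["hours"].add(datetime.fromisoformat(ts).hour)
        p["locations"].add(location)
        p["hosts"].add(host)
        p["shares"].add(resource.split("/")[1])  # assumes absolute paths
    return profiles

def anomalies(event, profiles, hour_slack=1):
    """List how an event deviates from the user's baseline (empty list if it fits)."""
    ts, user, location, host, resource = event
    # A user with no history gets an empty profile, so every check below fails.
    p = profiles.get(user) or defaultdict(set)
    hour, share = datetime.fromisoformat(ts).hour, resource.split("/")[1]
    # Circular distance so that 23:00 and 00:00 count as one hour apart.
    near = any(min(abs(hour - h), 24 - abs(hour - h)) <= hour_slack for h in p["hours"])
    checks = [
        (near, f"unusual hour {hour:02d}:00"),
        (location in p["locations"], f"new location {location}"),
        (host in p["hosts"], f"new host {host}"),
        (share in p["shares"], f"new share {share}"),
    ]
    return [reason for ok, reason in checks if not ok]

def flag(events, profiles, threshold=2):
    """Return (event, reasons) pairs with at least `threshold` deviations."""
    scored = ((e, anomalies(e, profiles)) for e in events)
    return [(e, r) for e, r in scored if len(r) >= threshold]
```

Calling `flag(NEW_EVENTS, build_profiles(HISTORY))` returns the 3:00am download from a new location and the access from an unfamiliar host to an unfamiliar share, each with its reasons. A flagged event is a lead for investigation, since the same deviations appear whether the account holder or someone with stolen credentials is behind them.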


Applying security to the end user experience

If you’re going to go to the trouble of monitoring your employees, then maybe you should extract more value from the data you collect.

There’s a new breed of software that offers the same potential security protections to ensure compliance but focuses on the end user experience and how it might be improved to remediate issues as they happen. Nexthink detects and addresses anomalies in endpoint behavior before they occur or worsen into bigger problems. Nyansa takes a similar approach to problem prediction and mitigation with its network analytics service. The emphasis is on identifying end users who have been or could be impacted by a problem, then addressing it before it escalates.

“End users lose more than 20 minutes of time each day because of computer issues, resulting in lost productivity for the business and lost credibility for IT,” says Samuele Gantner, VP Products, Nexthink. “We see this happen even in the most advanced organizations.”

Realigning endpoint monitoring to focus on improving the daily work experience for your employees makes a lot of sense. You can tighten your cybersecurity and gain the oversight you need, while simultaneously facilitating greater productivity and lessening the workload on your IT department.

Whatever strategy you choose, there’s clearly a need to act. For its 2018 Insider Threat report, Crowd Research Partners interviewed 472 cybersecurity professionals, and 53% confirmed that an insider attack had happened at their organization in the last year. The report also found that 90% of organizations feel vulnerable to insider attacks.

Pair good policy and training with effective monitoring software and you can reduce the risk.


This article was originally posted in CSOOnline.