Content

Triage plan can fend off insider threats, Latson says

Insider attacks doubled last year from two years ago, according to recent Ponemon Institute research, and most likely most of those insiders’ network behavior could have foreshadowed a preventable attack only if their data access were properly monitored.

That’s where a proactive strategy comes in, advised InfoSec World 2020 featured speaker Velma C. Latson, who discussed preventative tactics at the session “Challenging Insider Threats: Cyberspace Insider Threat Triage (CITT) Plan.”

According to Ponemon, the total number of insider threats increased from 3,200 in 2018 to 4,716 incidents in 2020.

Latson, a lecturer in the technology and security department at Bowie State University, suggested that organizations compare user profiles and resource usage to a benchmark created by the network administrator, based on the considered average standard of how users at different levels of access would use the system.

By doing so, the CITT tool provides easier analysis to understand an incident caused by an inside user, the accessibility the user has to the data, and the permissions the user has to manipulate the data into low risk, medium risk, and high-risk categories, Latson said.

Risk assessment, training and cybersecurity awareness, and cyber user behavior were emerging themes in a recent analysis of attacks, Latson noted, adding that a CITT plan puts into practical use a strategy to challenge insider threats.

The plan can identify the most critical crisis per insider incident to become a crisis-prepared organization by prioritizing cyber user behavior, identifying sequences and applying available options in case of an incident.

Benchmark usage then is compared against a “threat score” calculated based on HR data and psychological data for each authorized user. The HR employee analysis is calculated from factors such as remaining days of leave, promotions, and salary range. In addition to the HR factor, a personality analysis is taken into consideration.

Factors calculated into this figure are social media posts, how the employee feels about the company, and how the employee socially interacts with their peers. If the combination of both the threat score and the level of employee risk based on the CITT plan, the tool determines whether or not the security administrator should be alerted to the possibility of an insider threat crises occurring.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.