Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

UBA vs. the rogue insider

Taylor Armerding | May 11, 2015
The recent arrest by the FBI of a former employee of JP Morgan Chase for allegedly trying to sell bank account data, including PINs, ended well for the bank.

The recent arrest by the FBI of a former employee of JP Morgan Chase for allegedly trying to sell bank account data, including PINs, ended well for the bank.

According to the FBI, the former employee, Peter Persaud, was caught in a sting operation when he attempted to sell the data to informants and federal agents.

But such things don't always end so well for the intended victims. The arrest was yet another example of the so-called "rogue insider" threat to organizations.

And such incidents are providing increasing incentives to use technology to counter it.

The threat of employees going rogue — wittingly or not — is significant enough that some organizations are turning to behavior analytics that, according to its advocates, are able not only to detect insider security threats as they happen, but even predict them.

Such protection would likely be welcomed by most organizations, but it comes with an obvious consequence: Worker privacy. Predicting security threats calls up images of "Minority Report," the 2002 movie starring Tom Cruise, in which police arrested people before they committed crimes.

In that sci-fi world, it was "precogs" — psychics — who predicted the impending crimes. The IT version is User Behavior Analytics (UBA).

According to Gartner, "UBA is transforming security and fraud management practices because it makes it much easier for enterprises to gain visibility into user behavior patterns to find offending actors and intruders."

Saryu Nayyar, CEO of Gurucul Solutions, in a recent statement, said her firm's technology, "continuously monitors hundreds of (employee behavior) attributes to detect and rank the risk associated with anomalous behaviors.

"It identifies and scores anomalous activity across users, accounts, applications and devices to predict risks associated with insider threats."

This should not be a surprise. Data analytics are being applied to just about every challenge in the workplace, from marketing to efficiency. So it is inevitable that it would be used to counter what has always been the weakest link in the security chain — the human.

Americans have also been told for years that personal privacy is essentially dead. Still, some of them may not appreciate just how dead it is, or soon will be, in the workplace.

But Nayyar and others note that there should be no expectation of privacy in the workplace when it comes to corporate data.

"This technology is simply monitoring activity within a company's IT systems," she said. "It does not read emails or personal communications."

She added that monitoring of employee behaviors by IT has been going on for a long time. "This is nothing new," she said. "What's different today is the use of big data analytics, machine learning algorithms and risk scoring being applied to these logs."

 

1  2  3  4  Next Page 

Sign up for CIO Asia eNewsletters.