How Agencies Can Shift From Reactive to Proactive Insider Threat Defense


Smarter tools and rules can help keep agencies on top of what's happening on their networks.

Isaac Kohen is the founder and CEO of Teramind.

When it comes to data breaches, the federal government continues to fall short of a respectable standard of data security. And when we say “fall short,” we mean very, very short.

According to the 2017 Thales Data Threat Report, Federal Edition, 34 percent of federal government respondents surveyed experienced a data breach in the last year. The likelihood of a data breach is high, but when it comes to active prevention, many government agencies are at a standstill. Much of this can be attributed to a lack of preventative systems that can detect insider threats.


One of the biggest challenges for securing funding for data protection in the federal government is the government itself. Like many things in government, budgets are shaped by enforced regulations, and those regulations might not be in line with the latest prevention technology and programs. Innovation is key to staying ahead of cybersecurity incidents and problems, but to remain innovative, cybersecurity professionals and experts need continued verbal and monetary support from the top.

The main objective is for agencies to move from reacting to insider threats to preventing them, and these tools can help secure important data:

User Behavior Analytics

This technology falls under the category of security information and event management but is commonly referred to as user behavior analytics. It creates a “normal” baseline behavior profile of each employee and of the agency’s network. With a baseline profile established, administrators can track deviations from that profile and be alerted to them.

This technology uses advanced machine learning to persistently monitor and adjust the behavioral baseline and alert administrators to anomalous activity. If a user begins to access an unauthorized space, administrators will be alerted to it immediately. The administrator has a few options from here, such as penalizing the user or escalating the incident to a higher authority based on its severity. This all happens in the background as well, so it does not arouse suspicion among employees in their day-to-day work. Over time, this technology outranks even cybersecurity education programs in its effectiveness in preventing insider data breaches.
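The baseline-and-deviation idea described above can be sketched in a few lines. This is an added example, not code from the article or from any vendor product; it swaps in a simple median/MAD statistic for the machine learning the article mentions, and the class name, thresholds and sample data are assumptions made for illustration.

```python
from collections import deque
from statistics import median

class Baseline:
    """Rolling per-user profile: daily event volume plus resources touched."""
    def __init__(self, window=30, threshold=3.5, min_days=7):
        self.counts = deque(maxlen=window)  # recent "normal" daily counts
        self.resources = set()              # resources seen on normal days
        self.threshold, self.min_days = threshold, min_days

    def zscore(self, count):
        """Robust z-score (median/MAD), so one odd day does not skew the profile."""
        med = median(self.counts)
        mad = median(abs(c - med) for c in self.counts) or 1.0
        return 0.6745 * (count - med) / mad

    def observe(self, count, resources):
        """Return alert reasons for one day; only quiet days update the baseline."""
        alerts = []
        if len(self.counts) >= self.min_days:   # no alerts during the learning period
            z = self.zscore(count)
            if z > self.threshold:              # upward spikes only
                alerts.append(f"volume z={z:.1f}")
            unseen = sorted(set(resources) - self.resources)
            if unseen:
                alerts.append("first access: " + ", ".join(unseen))
        if not alerts:
            self.counts.append(count)
            self.resources |= set(resources)
        return alerts

# Constructed sample data: (files opened that day, resources touched) for one user.
NORMAL = [(n, {"hr-share", "mail"}) for n in (42, 38, 45, 40, 44, 41, 39, 43, 46, 40, 45)]
SPIKE = (400, {"hr-share", "finance-db"})

def replay(days):
    """Feed days in order; return (baseline, {day_index: alerts}) for alerted days."""
    b, flagged = Baseline(), {}
    for i, (count, resources) in enumerate(days):
        alerts = b.observe(count, resources)
        if alerts:
            flagged[i] = alerts
    return b, flagged

if __name__ == "__main__":
    print(replay(NORMAL + [SPIKE])[1])
```

Keeping alerted days out of the baseline stops a sustained exfiltration from gradually becoming the new "normal".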

Data Loss Prevention Systems

This technology is commonly deployed in defense agencies to protect data. The SANS Institute defines data loss prevention as: “Products that, based on central policies, identify, monitor and protect data at rest, in motion, and in use, through deep content analysis.” In practice, this means ensuring that the data on your hard drives, in your communications and in your work is protected and remains in line with defined policies. In action, one feature of this software in your network is that it can prevent people from printing documents or using removable media.

Digital Forensic Systems

There are both commercial and open-source solutions that make conducting an investigation of a security incident easier. This technology is proactive in the sense that administrators are able to adjust policy, controls and configurations with precision and informed analysis to prevent the incident from happening again.

Paired with UBA technology, administrators can predict which behaviors and vulnerabilities may be in your network for better security management. Technology under this category will record and monitor every keystroke, email, file transfer, website, message and document that is made or acted upon within your network. Additionally, you are able to see a video of every session your user has on the network. These features operate passively and are undetectable to your average user.

Rules-Based Risk Analysis Systems

This technology is a more recent development that builds upon activity monitoring and helps you proactively manage risk in an informed way. With this technology, administrators can develop rules based on any observable activity. Once a rule is established, a risk level can be assigned to each rule and a corresponding response. For example, if there is a rule not to send any information over personal email accounts, and employees violate that rule, their risk scores increase. Additionally, they could receive warnings or be locked out of their accounts until further notice.

The risk score is important here as it can be aggregated to determine a department's risk score. This technology allows a snapshot of which employees and departments are placing your agency at the highest risk, allowing more effective management of risk and behavior within your organization.
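A minimal sketch of the rule, risk score and department roll-up described above. It is an added example, not code from the article or from any product; the rule names, point values, lockout threshold and event fields are hypothetical.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class Rule:
    name: str
    matches: Callable[[dict], bool]  # predicate over one observed activity event
    risk: int                        # points added to the user's score per violation
    response: str                    # action taken on each violation

# Hypothetical rules and weights, chosen for illustration only.
RULES = [
    Rule("personal-email",
         lambda e: e.get("action") == "email_sent" and e.get("account") == "personal",
         20, "warn"),
    Rule("removable-media", lambda e: e.get("action") == "usb_copy", 40, "warn"),
]
LOCK_AT = 50  # assumed threshold: cumulative user score that triggers a lockout

def evaluate(events, rules=RULES, lock_at=LOCK_AT):
    """Score events against rules; return (user scores, dept scores, responses)."""
    users, depts, responses = defaultdict(int), defaultdict(int), []
    for e in events:
        for r in rules:
            if not r.matches(e):
                continue
            users[e["user"]] += r.risk
            depts[e["dept"]] += r.risk      # department score = sum of its users' points
            action = "lock" if users[e["user"]] >= lock_at else r.response
            responses.append((e["user"], r.name, action))
    return dict(users), dict(depts), responses

# Constructed sample activity events.
EVENTS = [
    {"user": "alice", "dept": "hr", "action": "email_sent", "account": "personal"},
    {"user": "bob", "dept": "finance", "action": "email_sent", "account": "agency"},
    {"user": "alice", "dept": "hr", "action": "usb_copy"},
    {"user": "carol", "dept": "hr", "action": "email_sent", "account": "personal"},
]

def riskiest(scores):
    """Rank users or departments from highest to lowest risk."""
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)
```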

Tips for Employee Awareness Programs

It is well known that education helps in organizational change efforts, such as creating a better security culture. Awareness programs should include storytelling and reinforcement. Storytelling is a powerful tool for helping your staff remember what was taught. If employees hear a story that could be about them, it is often enough to scare them straight. However, there may be incidents where negligence is happening, and that’s when reinforcement is necessary.

Each of the technologies above could be integrated into an effective cybersecurity employee awareness program. For example, users who violate rules could be informed with warnings or scaled penalties. Enforcement and reminders help people understand that small actions have large impacts when it comes to cybersecurity.

When it comes to securing data, the federal government struggles with its first line of defense: technology and employees. By creating a prevention mindset and using behavioral monitoring software and security training, agencies can better prepare for a cyber-safe future.
