Cybersecurity: Need of Behavior Analytics in This New Normal – Remote Workforce

Before the current state of mass remote working, IT leaders may have implemented a comprehensive cybersecurity strategy. They protected their data and the endpoints. However, the rapid change, that businesses are currently experiencing, is something none of us could predict. Cloud services and applications are helping organisations ensure business continuity and employee productivity.

But, how can organisations’ be sure that their current insider and data protection strategy can support this new way of working?

CXO’s and senior leaders of Indian enterprises seeking answers to this question can start by examining the changing nature of insider threats. Till a few years ago, protecting against insider threats meant focusing cybersecurity efforts on keeping bad actors out.

However, in recent years, hackers have executed increasingly sophisticated attacks to compromise employee credentials. This, when successful, allows bad actors to impersonate employees. It thereby renders many traditional cybersecurity defences obsolete. Today, there’s a growing problem: data exfiltration (any unauthorized movement of data) that happens more quickly than ever. And with the recent rapid and urgent shift to support remote workers at scale, we can expect this will drive an exponential increase in data exfiltration opportunities for bad actors.

What can be done?

So to detect and protect the critical data and insider threat risk when employees are working remotely, it requires a behaviour-centric approach that focuses on Indicators of Behavior (IOBs) - behaviour attributes that monitor the user against their established normal patterns of behaviour and provide a risk scoring based on the same. This approach focuses on detecting and predicting different user personas. This includes malicious users, accidental users or compromised users at the early stage of any targeted insider threat attack.

Behavior analytics focuses on eliminating security blind spots and provide a comprehensive view of users trending towards risky behavior. It helps to gain visibility into the composite user risk. It, then, adapts and readjusts the data protection strategy in real-time.

(Note: This article is written by Brijesh Miglaini, Security Consultant, Forcepoint)