Behavioral analytics - The key to fight against cyber threats

The key to better security lies in adopting a differentiated human-centric approach to cybersecurity, where people—rather than IT infrastructure—become the new perimeter. 
 

Surendra Singh, Mar 25th 2019

Incidents of data breaches in organizations are not just becoming more frequent but more critical in nature. Take, for example, the November 2018 Marriott International data breach that exposed the personal information of approximately 500 million customers worldwide. 

Or the 2013 cyberattack on the global retail giant Target, which compromised more than 41 million of the company's customer payment card accounts. The attack resulted in the company having to pay a USD 18.5 million multistate settlement—one of the largest ever for a data breach.

The consequences of a data breach for a business are both devastating and long-term. Businesses suffer immediate disruption and financial loss due to penalties. For example, the 2018 Cost of a Data Breach Study: Global Overview estimated the global average cost of a data breach to be USD 3.86 million, a 6.4 percent increase from the 2017 report. Even more serious are the trust deficit among customers and the brand damage caused by continuous negative publicity.

While all of the above reasons make data security a top cybersecurity issue for organizations, traditional security measures are clearly falling short of containing the onslaught of data breaches. The key to better security then lies in adopting a differentiated human-centric approach to cybersecurity, where people—rather than IT infrastructure—become the new perimeter.

Utilizing the relationship between humans and data 

Organizations are undergoing massive digital transformation to remain competitive and agile. Driven by cloud and mobility, a digital enterprise has little or no defined organizational IT borders, and critical data lies everywhere. This makes the CISO's job tougher: they now have to deal with a larger attack surface and can no longer rely on securing a fixed IT network to ward off cyber threats. Attackers are exploiting this new technology environment to undermine even the most extensively designed security systems.

Attackers are also targeting users to compromise the digital enterprise. The 2018 Facebook data breach of 29 million users globally illustrates how people's digital identity is being stolen to gain access to critical data and intellectual property (IP). According to a report published by Breach Level Index, identity theft accounted for 59 percent of the data breaches in 2017.

Another example, the fraud of more than ₹130 billion (USD 2 billion) at Punjab National Bank, India’s second largest state-owned bank, involved multiple people at several levels across branches. However, the actual authorization of issuance of money through Letters of Undertaking (LoUs) and Foreign Letters of Credit (FLCs) happened because a deputy manager had unauthorized access to a Level-5 password.

Organizations are primarily made up of people who constantly interact with critical data. Therefore, if we could understand the context behind users' actions and their interaction with data, it would be much easier to identify the people who pose the greatest risk of data exfiltration than to sift through endless red flags and security alerts. This human-centric approach to cybersecurity turns the focus on people and data—the how, when, and why people use and access information.

In this approach, a "baseline" of users' behavior, made up of their normal daily work routine, is maintained. The system works by zeroing in on any anomaly in this baseline behavior in real time—resulting in a safer cybersecurity posture.

To illustrate, take an employee whose baseline behavior involves accessing data files pertaining only to their own department. If this employee tries to access sensitive data of another department, or is observed transferring a large amount of classified information to their personal storage accounts, alerts are instantly generated, prompting a check on the suspicious activity.
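The baseline check described in the two paragraphs above, as an added example that is not from the article or from any vendor product. The user name, event fields, the 3-sigma limit and the sample events are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed events: (day, user, file_department, destination, bytes_moved)
HISTORY = [
    (1, "asha", "finance", "internal", 40_000),
    (2, "asha", "finance", "internal", 55_000),
    (3, "asha", "finance", "internal", 48_000),
    (4, "asha", "finance", "internal", 52_000),
    (5, "asha", "finance", "internal", 45_000),
]
TODAY = [
    (6, "asha", "finance", "internal", 50_000),           # normal routine
    (6, "asha", "engineering", "internal", 30_000),       # other department's data
    (6, "asha", "finance", "personal-cloud", 9_000_000),  # bulk transfer out
]

def build_baseline(events):
    """Per user: departments normally touched and daily byte-volume statistics."""
    depts, daily = defaultdict(set), defaultdict(lambda: defaultdict(int))
    for day, user, dept, _dest, size in events:
        depts[user].add(dept)
        daily[user][day] += size
    return {u: {"depts": depts[u], "mean": mean(list(d.values())),
                "std": pstdev(list(d.values()))} for u, d in daily.items()}

def score_event(event, baseline, z_limit=3.0):
    """Return the reasons an event deviates from the user's baseline (empty if none)."""
    _day, user, dept, dest, size = event
    profile = baseline.get(user)
    if profile is None:
        return ["no baseline for user"]
    reasons = []
    if dept not in profile["depts"]:
        reasons.append(f"first access to {dept} data")
    # Floor the deviation so a perfectly flat history does not divide by zero.
    z = (size - profile["mean"]) / max(profile["std"], 1.0)
    if z > z_limit:
        reasons.append(f"volume {z:.0f} sigma above daily norm")
    if dest != "internal" and reasons:
        reasons.append(f"destination is {dest}")
    return reasons

def detect(events, baseline):
    """Pair each anomalous event with the reasons it was flagged."""
    return [(e, r) for e in events if (r := score_event(e, baseline))]
```

Calling `detect(TODAY, build_baseline(HISTORY))` flags the cross-department access and the bulk transfer, and leaves the routine access alone.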

Behavior analytics is the way forward

India currently accounts for 37 percent of all global breaches—second only to the US—in terms of records compromised or stolen or revealed, according to Breach Level Index. While the nature of attacks may change, it is vital to remember that the motivations remain the same. Data which is critical to organizations is an attractive target for hackers. This will continue to motivate them to invent new methods to bypass cybersecurity systems. 

Human behavior is predictable and repetitive. Behavioral analytics uses this characteristic to build a continuous authentication layer by incorporating a person's physical actions. This can be anything from keystrokes and mouse movement to scroll speed or the files a user typically views on a daily basis. If any of these is out of the ordinary, security fences are put up.

With behavior-based security, organizations can identify intruders who masquerade as genuine users by hijacking their digital identity, paving the way for a more robust security approach which goes beyond the traditional threat-based approaches. 

Surendra Singh is Country Director – Indian & SAARC at Forcepoint

Disclaimer: This article is published as part of the IDG Contributor Network. The views expressed in this article are solely those of the contributing authors and not of IDG Media and its editor(s).