INSIDE or OUTSIDE Where's the Bigger Threat?

Should the next wave of threat detection software be about tracking changes in user behavior, in other words, browsing and social media habits? Let’s be honest, we’re currently relying on endorsements or pledge of allegiance to the bad elements by users to be able to flag and track them down. And we know this doesn’t cut it for Cyber Security or National Security. Should Ad Revenue and Predictive Analytics software be repurposed to guess what Inadvertent Actors are likely to click to draw trouble? How do you repurpose IBM Watson and the likes to start playing a new game with potential hackers to stay one-up and learn their next move? Some vendors claim to have the capability, but buyers aren’t convinced yet.

Rather than engage in more questions, here is a quick start towards a solution. Imagine a defense mechanism inspired by living conch shell – impenetrable but not impermeable, with a gooey middle. The spiral structure of a conch ensures the structural integrity and limited accessibility of the shell’s bottom half. Translate that into:
1. Proactive threat detection software, as opposed to standard virus scan software. Threat sensors meet and flag higher and more diverse usage patterns.
2. Hyperaware staff who peer-review behavior and share data on evolving threats.
3. Data abstraction architecture that morphs constantly to keep intruders from guessing data layout patterns.

While there needs to be a reinforced outer layer of IT security with standard tools, training and audits, what constitutes the inside (privileged data) security layer has become even more critical to the business. How organizations devise methods, predictive tools and processes to govern insider threats will be a significant investment and a differentiator for many businesses. At the least, a cultural shift is necessary to start sensing insider threats and to spread awareness about growing risks.

Organizations can claim that the choice of every employee was deliberate. However, they simply cannot claim there was a choice in the impending threat that an employee posed. There is now a need in the industry for version 2.0 of HP’s famous Flight Risk program that predicts employee behavior. Employee retention will continue to be important, but predicting a possible threat from every employee is even more paramount. At the most basic level, CIOs and CISOs could devise a simple test for prospective employees that pulses if he/she poses a cyber threat to the business. And perhaps, a targeted training even before hiring would be in order. As controversial as this may sound, the potential damage from an insider – when compared to someone with a bad credit – may be far greater than anyone realizes.

Insider threats are an elusive and poorly understood risk to business. The classic organizational trifecta of people, process and technology will need to rapidly transform to deal with this threat. The good news is that firms can repurpose a number of capabilities, like predictive analytics and gaming tools. The better news is that humans have shown to quickly evolve and prevail. The ability to witness the next wave of tools and capabilities to meet the challenge sounds very exciting!