
How Can Agencies Strengthen Their Defense Against Insider Threats?

Insider threats have always been with us, but new technologies, including artificial intelligence, have made it easier for network users to access and expose sensitive data.

To minimize those risks, agencies must focus on controlling authentication, access and permissions. They need to implement least privilege models, separation of duties and comprehensive auditing. The auditing part is key to tracking those events and synthesizing that information to determine when — or whether — there is a threat within the system, said Tieu Luu, Chief Product Officer at Qmulos.

“New technologies have, essentially, increased attack surfaces. Whether it’s from remote workers, more use of cloud, software as a service, or other tools, those are more opportunities for data exfiltration — whether malicious or just inadvertently,” said Luu.

User activity monitoring is a critical piece of this, said Paul Kurtz, Chief Cybersecurity Advisor at Splunk. “We have to make sure that we have a synoptic picture of what’s going on in our networks, weaving together a great amount of data to identify anomalous activities,” he said.

In this video interview, Luu and Kurtz discuss strategies for identifying and mitigating insider threats. Topics covered include:

  • Establishing behavioral baselines for assessing user activity
  • Understanding what information to collect on users
  • Protecting the privacy of individuals during the threat assessment process
