Insider threats can be very damaging. According to the Bit Glass 2020 Insider Threat Report, among its numerous impacts, the most significant is the loss of critical data and operational disruption. In addition to damaging a company’s reputation, insider threats can reduce its competitive edge.
As the actors are trusted agents with legitimate access to the company’s data, insider threat mitigation is challenging. Many cybersecurity experts agree that it is time to move on since most legacy tools have failed. The most promising technologies in cybersecurity in the coming years will be artificial intelligence and machine learning. Can they help counter insider threats?
Insider Threat Definition
A cyberattack originating from inside an organization or originating from someone with authorization to access the organization’s networks or systems is known as an insider threat. A potential insider threat can be a current or former employee, consultant, board member, or business partner. It can also be intentional, unintentional, or malicious.
Cybersecurity Insider threats occur when people use their authorized access to an organization’s data and resources to harm the company’s equipment, information, networks, and systems. These include corruption, espionage, depletion of resources, terrorism, sabotage, and unauthorized disclosure of information. Cybercriminals can also use it as a launchpad to launch malware attacks or ransomware attacks.
Organizations are increasingly vulnerable to insider threats. According to the Ponemon Institute’s 2020 Cost of Insider Threats study, the average cost of this form of attack is $11.45 million, and 63% of these attacks are caused by employee negligence.
Authentication
Negligence is the main cause of most insider threats facing businesses. There is no way to eliminate human error from time to time, despite training the workforce on cybersecurity awareness. In terms of cybersecurity, it’s about reducing the attack surface; if a breach occurs, it can be contained easily.
The least privilege principle can be used to implement this in the authentication. Workers have the least amount of access to data necessary to fulfill their tasks at any given time.
Organizations can’t effectively implement this principle using signature-based cybersecurity tools. The reason is that context is lacking. Artificial Intelligence-based Risk-Based Authentication (RBA) easily fills this gap. In addition to verifying identity, RBA also analyzes a person’s context to detect anomalies. By combining behavioral analytics and machine learning, RBA can detect patterns in user behavior and enforce threat-aware policies.
The RBA also gathers information about the user’s location, device, time of access, etc. to determine whether a breach has been attempted. Based on login behavior, RBA estimates a risk score without two-factor authentication. Any suspicious activity (such as trying to gain access through an unknown device) would prompt the system to ask for more information. At high risk, access is denied.
False Positives
The number of false positives discovered by organizations exceeds 20% in 43% of cases. The problem is that many businesses still rely on signature-based (or rule-based) cybersecurity tools in an age when cyber-attacks are becoming more sophisticated. Artificial intelligence is now used by cybercriminals to scale their attacks with greater precision, deftness, and sophistication. Traditional security tools are ineffective against such advanced threats.
Cyber-attacks based on AI need to be combated with even more robust AI tools. Through machine learning, these tools establish a baseline of normal behavior against which to assess future usage. Additionally, IT is alerted beforehand with the help of predictive analytics.
Zero-day attacks and other types of strange attacks are protected from these stronger defenses. Cybersecurity tools from the past can grant or restrict access to a network based on the rules of what’s good and what’s malicious. Even without artificial intelligence, such an approach can be easily bypassed by launching an attack that exploits an unknown vulnerability or tricking the system to ignore malware as ‘safe-ware’. Intelligent tools know better. A machine learning approach can reduce the number of false positives by up to 50% – 90%.
Phishing Prevention
There are three types of insider threat actors:
- Malicious users – intentional breaches of data
- Data breaches due to careless users
- Compromised users – data breaches caused by external actors (typically when a user clicks on a malicious link in a spear-phishing attack).
Behavior analytics is also useful for preventing phishing attacks. Emails from seemingly trusted sources can be analyzed using artificial intelligence to find out if they are consistent with previous emails from the sender. By doing so, it reveals often subtle contradictions in syntax, word choice, writing style, etc. that are overlooked by humans. In addition, it can scan links and media ahead of time to ensure they are authentic and safe.
This entire process is automated, so human actors don’t have to sift through vast amounts of data to identify potentially malicious code and media.
AI, machine learning, and cybersecurity are going to become increasingly intertwined in the coming years, but this is not a magic elixir that will automatically resolve all our cybersecurity issues. Don’t forget that cyber attackers can also enhance their attacks by using AI tools.
The trouble persists, therefore. It’s best to think of artificial intelligence as another tool in your box that, together with other tools, creates a strong, almost indestructible defense.
BIBLIOGRAPHY
1. https://www.infosecurity-magazine.com/next-gen-infosec/insider-threat-mitigation-ai-ml/
2. https://www.fortinet.com/resources/cyberglossary/insider-threats