In recent years, insider threats have become one of the most complex security problems facing organizations of every kind. The problem is especially acute in structures closely tied to security, including national security. Systems with a certain degree of openness, such as those of government, industry, universities, and research laboratories, suffer most in such situations (National Counterintelligence and Security Center [NCSC], 2017). The loss of valuable information in such structures can lead to a wide variety of consequences. That is why intelligence community (IC) managers and leaders must concentrate their efforts on protective measures and counterintelligence programs. The purpose of this essay is to discuss the role of various new technologies in countering insider threats.
First, it is necessary to define what exactly an insider threat is and who an insider is. According to Hunker and Probst (2011), an insider is a person who has privileged, legitimate access to an organizational structure and has the right to represent it or make changes to it. Accordingly, an insider threat can be described as a threat emanating from a person who uses his or her access for other purposes, or whose access leads to improper use of the system. The most critical aspects that define an insider are access to the system, the ability to represent the system to outsiders, the trust of the organization, and knowledge of the system (Hunker & Probst, 2011). Thus, countermeasures against insiders should be directed at these same aspects: the access they hold, the trust placed in them, and the knowledge they have.
All approaches to the insider threat problem can be divided into two types: social and technical. According to Safa et al. (2019), factors such as the severity of sanctions and the level of remuneration have a substantial impact on employees' attitudes toward the company. Accordingly, to reduce risk, managers are advised to pay attention to environmental factors and improve the working environment (Safa et al., 2018). However, such factors can only improve the situation in general terms; for effective results, technical measures are also necessary. One such measure is host-based analytics, which analyzes data collected from each host, that is, from every individual computer.
A wide range of data falls into this category, from the simplest system values to application-level records. Any single record may seem useless, but as the data accumulate, this approach makes it possible to model and evaluate user behavior (Liu et al., 2018). As stated above, a host is assessed by a variety of parameters, starting with system calls. These operations show exactly how a program accesses the internal resources of the computer. Thus, this method is useful for an in-depth analysis of user actions on the host, which makes it possible to detect deviations from normal work.
Keyboard and mouse usage dynamics are directly related to user behavior. Since the data collected are personal to each user, this method is most suitable for identifying people who impersonate legitimate workers, the so-called "masqueraders" (Liu et al., 2018). Finally, one of the most demanding methods is the analysis of logs of actions performed on the host. Its difficulty lies in the massive volume of data obtained, but useful information can still be extracted from it. For example, a long chain of login failures can signal a blatant attempt to break into a system (Liu et al., 2018). In addition to these three sources, there are many more, for example network traffic analysis, but they are all united by the same idea: collect host activity, build a baseline, and flag departures from it.
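To make the log-analysis idea from the two preceding paragraphs concrete, the following is an added example, not code from the essay or from any of the cited works. It parses a handful of constructed sshd-style authentication log lines and applies a sliding-window rule: a burst of failed logins for one user from one source address within a short window raises one alert, and a successful login that immediately follows such a burst raises a second, higher-priority alert, since that is the pattern of a guessed or stolen password. The log lines, the threshold of five failures, and the 60-second window are all assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth-log lines (sshd/syslog style); not taken from any real host.
SAMPLE_LOG = """\
2024-03-01T08:00:01 host1 sshd[1201]: Failed password for alice from 10.0.0.5 port 50211 ssh2
2024-03-01T08:00:04 host1 sshd[1202]: Failed password for alice from 10.0.0.5 port 50212 ssh2
2024-03-01T08:00:07 host1 sshd[1203]: Failed password for alice from 10.0.0.5 port 50213 ssh2
2024-03-01T08:00:09 host1 sshd[1204]: Failed password for bob from 10.0.0.9 port 40001 ssh2
2024-03-01T08:00:11 host1 sshd[1205]: Failed password for alice from 10.0.0.5 port 50214 ssh2
2024-03-01T08:00:12 host1 sshd[1206]: Accepted password for bob from 10.0.0.9 port 40002 ssh2
2024-03-01T08:00:15 host1 sshd[1207]: Failed password for alice from 10.0.0.5 port 50215 ssh2
2024-03-01T08:00:20 host1 sshd[1208]: Failed password for alice from 10.0.0.5 port 50216 ssh2
2024-03-01T08:00:25 host1 sshd[1209]: Accepted password for alice from 10.0.0.5 port 50217 ssh2
2024-03-01T09:10:00 host1 sshd[1310]: Failed password for eve from 10.0.0.7 port 33001 ssh2
2024-03-01T10:10:00 host1 sshd[1311]: Failed password for eve from 10.0.0.7 port 33002 ssh2
2024-03-01T11:10:00 host1 sshd[1312]: Failed password for eve from 10.0.0.7 port 33003 ssh2
"""

# Matches both "Failed password for <user>" and "Failed password for invalid user <user>".
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_line(line):
    """Return a dict with ts/host/result/user/src, or None for lines we do not understand."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def detect_login_bursts(log_text, threshold=5, window=timedelta(seconds=60)):
    """Sliding-window failed-login detector.

    Alerts are (kind, user, src, timestamp) tuples:
      - "failed_login_burst": the threshold-th failure for (user, src) inside `window`
      - "success_after_burst": a successful login while a burst is still in the window
    threshold and window are illustrative assumptions, not values from the essay.
    """
    recent = defaultdict(deque)  # (user, src) -> timestamps of failures still inside the window
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue  # unrelated log line; a real pipeline would route it elsewhere
        key = (ev["user"], ev["src"])
        q = recent[key]
        # Evict failures that have aged out of the window.
        while q and ev["ts"] - q[0] > window:
            q.popleft()
        if ev["result"] == "Failed":
            q.append(ev["ts"])
            if len(q) == threshold:  # fire once per burst, when the threshold is crossed
                alerts.append(("failed_login_burst", ev["user"], ev["src"], ev["ts"]))
        else:
            # A success right after a burst is the signature of a guessed password.
            if len(q) >= threshold:
                alerts.append(("success_after_burst", ev["user"], ev["src"], ev["ts"]))
            q.clear()  # a legitimate login resets the failure history for this pair
    return alerts


if __name__ == "__main__":
    for kind, user, src, ts in detect_login_bursts(SAMPLE_LOG):
        print(f"{ts.isoformat()} {kind}: user={user} src={src}")
```

On the sample data, alice's six failures from 10.0.0.5 inside 25 seconds produce a burst alert at the fifth failure and a success-after-burst alert at 08:00:25, while bob's single typo and eve's three failures spread an hour apart produce nothing. Keying on (user, source) rather than on user alone is what keeps a remote guesser separate from a legitimate user who mistypes, and the window eviction is what keeps the state bounded on a busy host; the essay's point about volume is exactly this: the rule is cheap per line, but it only works because every line is kept long enough to be correlated.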
Thus, host-based analysis is an effective and multifaceted method of preventing and detecting insider threats. Unlike the social measures, this method makes it possible to identify an intruder directly by collecting information about the user. However, the disadvantage of this method is the difficulty of implementing these algorithms: in addition to producing a correct result, the speed with which that result is produced is also critical, because an alert that arrives after the data have already left the organization is of little use. Accordingly, organizing host-based analysis requires powerful machines and trained specialists.
References
Hunker, J., & Probst, C. W. (2011). Insiders and insider threats: An overview of definitions and mitigation techniques. JoWUA, 2(1), 4-27. Web.
Liu, L., De Vel, O., Han, Q. L., Zhang, J., & Xiang, Y. (2018). Detecting and preventing cyber insider threats: A survey. IEEE Communications Surveys & Tutorials, 20(2), 1397-1417. Web.
National Counterintelligence and Security Center. (2017). Strategic plan | 2018–2022. Web.
Safa, N. S., Maple, C., Furnell, S., Azad, M. A., Perera, C., Dabbagh, M., & Sookhak, M. (2019). Deterrence and prevention-based model to mitigate information security insider threats in organisations. Future Generation Computer Systems, 97, 587-597. Web.
Safa, N. S., Maple, C., Watson, T., & Von Solms, R. (2018). Motivation and opportunity based model to reduce information security insider threats in organisations. Journal of Information Security and Applications, 40, 247-257. Web.