Using Behavior Profiling to Identify Insider Threats (Part 1)
Here is part 1 an article I wrote on "Using Behavior Profiling to Identify Insider Threats (Part 1)". (You need to log in but its free)
"Organizations often spend significant time, effort and resources protecting their data and systems from external threats such as hackers, foreign spies, hacktivists, and cybercriminals. Internal threats, often called “insider threats”, are often ignored because they are much more challenging for an organization to address.
One valuable tool for managing risk around insider threats is “Behavior Profiling”. Behavior Profiling is about identifying potential behavior patterns, motivations, emotional states, and demographic variables of an insider who could engage in malicious activity against the organization. The goals are to accurately profile, predict and detect internal threats who may be seeking to damage the organization.
Implementing behavior profiling into an organizations threat assessment program requires both human and technological commitment. An organization’s own people are on the frontline for detecting insider threats by observing concerning behaviors, or significant changes in a coworker and other related stressors. Insider threat detection should also include using technologies such as SIEMs, monitoring tools, access control systems and machine learning to identify risky or unusual behavior."