Despite having tools, solutions and processes in place to protect their information assets, businesses remain at significant risk from attacks. Too many of them simply cannot detect when large amounts of data are leaving their networks.
This isn’t surprising really. Today’s employees rely on a slew of cloud services, mobile devices and connection points with a variety of third-party partners to do their jobs. Traditional security perimeters have eroded, creating a vast attack surface that can be tricky to defend and hard to monitor.
In this amorphous environment, the usual security tools and solutions are inadequate: they block any event that looks as if it could be cyber criminals exfiltrating data, without really understanding the context of the event taking place.
In this way, a user could get blocked simply for sharing or copying a file, and users will find ways to slip past the security net in order to do their jobs. IT will respond with more restrictions, and both sides will end up in a cycle of time-consuming measures and limitations on staff who are trying to do their jobs.
This is why understanding the context behind a user’s actions is so crucial. Understanding the tools needed by various individuals to do their jobs, and ensuring that policies do not inhibit their work, is key.
Businesses need to look at their most crucial assets, data and people, and develop human-centric, automated and adaptive security responses based on how their users interact with their data. In this way, the focus will be on how, when and why individuals use and access data, viewing their actions in a bigger context that is baselined against their typical activities.
Doing this effectively means that businesses will have an understanding of their employees' typical patterns of behaviour, and will be able to instantly identify any anomalous or suspicious behaviour. An example would be an employee who, having followed a pattern of accessing only certain types of files for months on end, suddenly tries to access proprietary or sensitive information. This deviation from the norm would raise a red flag.
Keeping an eye on employees’ interactions with data enables the IT department to view, organise and mitigate any risk as it happens. They can tailor security responses and protocols to the business’s appetite for risk, and the necessary measures can be applied based on anomalous patterns as well as risk scores.
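The baselining and risk-scored response described above can be sketched in a few lines. This is an added example, not code from the article or from any product; the category names, sensitivity weights, sample history and the `appetite` threshold are all assumptions made for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample history: (user, file_category) access events over a baseline period.
HISTORY = ([("alice", "marketing")] * 40 + [("alice", "public")] * 10
           + [("bob", "finance")] * 30 + [("bob", "hr")] * 5)

# Assumed sensitivity weight per file category (hypothetical values, 0 = harmless, 1 = crown jewels).
SENSITIVITY = {"public": 0.1, "marketing": 0.3, "hr": 0.7, "finance": 0.8, "source_code": 1.0}


def build_baseline(history):
    """Count how often each user has touched each category of file."""
    baseline = defaultdict(Counter)
    for user, category in history:
        baseline[user][category] += 1
    return baseline


def risk_score(baseline, user, category):
    """Score = how unusual the category is for this user x how sensitive it is.

    A user with no history, or a category with no known weight, is treated
    as the worst case rather than silently allowed.
    """
    seen = baseline.get(user, Counter())
    total = sum(seen.values())
    familiarity = seen[category] / total if total else 0.0
    novelty = 1.0 - familiarity
    return round(novelty * SENSITIVITY.get(category, 1.0), 3)


def respond(score, appetite=0.7):
    """Graded response tied to the organisation's risk appetite, not a blanket block."""
    if score >= appetite:
        return "block_and_alert"
    if score >= appetite / 2:
        return "allow_and_audit"
    return "allow"


def evaluate(baseline, user, category, appetite=0.7):
    """Return (score, action) for one access attempt."""
    score = risk_score(baseline, user, category)
    return score, respond(score, appetite)


if __name__ == "__main__":
    base = build_baseline(HISTORY)
    for user, category in [("alice", "marketing"), ("bob", "hr"), ("alice", "source_code")]:
        print(user, category, evaluate(base, user, category))
```

Routine work stays unblocked, an occasional but sensitive access is allowed and audited, and only the sharp deviation from the user's baseline is stopped.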
IT can now prevent the careless or malicious use of company data and better prevent vulnerabilities from compromising the network. Moreover, all of this can be done without hampering employee productivity, resulting in intelligent and effective cyber security.