The greatest asset becomes the biggest risk

Issue 1 2022 Information Security

It's never been more important to protect employees from cyber-attacks while also mitigating the risk they pose as trusted insiders. The erosion of the cyber perimeter as a result of new virtual workforce models necessitates a new approach, one that baselines activities and behaviours and protects employees by highlighting anomalies.


John Mc Loughlin.

Companies deploy multiple security, intelligence and productivity monitoring tools in the hopes of working smarter and safer. However, none of these solutions focus on the humans driving day-to-day operations.

Dtex offers the world’s first Workforce Cyber Intelligence Platform, capturing hundreds of elements of behavioural telemetry to produce dynamic 'Indicators of Intent' and deliver holistic, real-time awareness about the workforce’s activities – without invading personal privacy.

It also empowers business owners to easily see, understand and act on contextual intelligence using scoring frameworks proven to stop insider threats, prevent data loss, maximise software investments and protect the workforce, wherever they may be.

Workforce Cyber Intelligence is a new approach to enterprise data collection and analysis that focuses on understanding how, when, why, where and for how long employees and third parties interact with data, machines, applications and their peers as they perform their job responsibilities to create a safer, smarter and more secure enterprise.

Workforce Cyber Intelligence is designed for today’s modern, distributed workforce model. It provides complete visibility into user and account activity, keeping all data anonymous to protect privacy and only shining a light on abnormal or inefficient behaviours that indicate risks and areas for operational improvement.

It is critical to ensure employees know that personal activities and behaviours that don't directly increase organisational risk, cause cultural conflict, or limit successful operations remain private and anonymous.

People are the heartbeat of every organisation, so the human factor is the most important element of a business’ ability to operate effectively and safely. The enterprise workforce’s behaviour, habits and interactions ultimately determine opportunities and threats, the investments that contribute to efficiency or waste, how and where risks emerge and if compliance mandates are met.

Dtex’s Workforce Cyber Intelligence Platform enables organisations better understand their workforce, protect their data and make human-centric operational investments.

The ideas of employee monitoring, insider threat detection, data loss prevention (DLP), User Activity Monitoring (UAM) and human risk management aren’t new. The greatest challenge is improving security and operational performance in a way that benefits both the company and the employee. The best solution protects sensitive information and employee privacy.

Privacy

Employees are increasingly aware of and diligent in understanding how employers monitor work activities and behaviours. Employees want to know that personal activities and behaviours remain private and anonymous unless those activities directly increase organisational risk, cause cultural conflict, or limit successful operations. This is a fair ask of employees and becoming a major factor in compliance regulations and mandates.

Gathering and analysing data

One may think that it is easy to gather a lot of data for analysis, discover some findings and report on them. Unfortunately, it's not, the process is straightforward, but the mechanics present challenges. Collecting user data often involves overtaxing endpoints and the network and consequently impeding end-user productivity.

Analysis of the captured data carries fears of data misuse and privacy infringement, not to mention wasted resources on false positives and 'noise'. Noise is information that calls attention to insignificant findings that present little or no risk. Noise can overwhelm and mask true threats and is a distraction for scarce security resources.

Managing access and perception

Arguably one of the tougher challenges of collecting user data and monitoring the workforce is the workforce’s perception of an organisation’s motivation. When employees hear about monitoring, their initial impression is negative. Changing those perceptions requires openness and assurance that any data being collected is intended to protect individuals, sensitive data and the organisation and is handled in the most secure, private and respectful way possible.

Privacy will be the primary concern to alleviate. In addition to regulatory requirements, protecting employees’ privacy is crucial if you want to have employee engagement and partnership. Managing access to the collected data is another challenge to overcome. Information on individual employees should be anonymised and unmasked only on a strict need-to-know basis.

Data minimisation is a critical prerequisite to privacy. Invasive surveillance such as keystroke logging and screen capture, as well as the collection of user content such as emails and instant messages, isn’t required to detect insider risks and protect organisational data. Employees don’t want corporate IP leaked on purpose or by accident.

Protection for the employee

Workforce Cyber Intelligence protects employees in many ways, including increased security awareness, smarter engagement and fewer violations or incidents and the corresponding interruptions. Having a clear and unalterable audit trail provides non-repudiation and defence for the employee. But perhaps the biggest benefit is simply protection against external threats.

Employees are an appealing target of malicious actors and are subject to constant exploitation attempts. People by their nature want to be helpful and trusting and these are the underlying human traits enabling social engineering.

Businesses need to shift their focus and learn from the workforce by observing employees' interactions with data, systems and machines and using that intelligence to improve performance.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

New ransomware using BitLocker to encrypt data
Technews Publishing Information Security Residential Estate (Industry)
Kaspersky has identified ransomware attacks using Microsoft’s BitLocker to attempt encryption of corporate files. It can detect specific Windows versions and enable BitLocker according to those versions.

Read more...
Create order from chaos
Information Security
The task of managing and interpreting vast amounts of data is akin to finding a needle in a haystack. Cyberthreats are growing in complexity and frequency, demanding sophisticated solutions that not only detect, but also prevent, malicious activities effectively.

Read more...
Trend Micro launches first security solutions for consumer AI PCs
Information Security News & Events
Trend Micro unveiled its first consumer security solutions tailored to safeguard against emerging threats in the era of AI PCs. Trend will bring these advanced capabilities to consumers in late 2024.

Read more...
Kaspersky finds 24 vulnerabilities in biometric access systems
Technews Publishing Information Security
Customers urged to update firmware. Kaspersky has identified numerous flaws in the hybrid biometric terminal produced by international manufacturer ZKTeco, allowing a nefarious actor to bypass the verification process and gain unauthorised access.

Read more...
Responsible AI boosts software security
Information Security
While the prevalence of high-severity security flaws in applications has dropped slightly in recent years, the risks posed by software vulnerabilities remain high, and remediating these vulnerabilities could hinder new application development.

Read more...
AI and ransomware: cutting through the hype
AI & Data Analytics Information Security
It might be the great paradox of 2024: artificial intelligence (AI). Everyone is bored of hearing it, but we cannot stop talking about it. It is not going away, so we had better get used to it.

Read more...
NEC XON shares lessons learned from ransomware attacks
NEC XON Editor's Choice Information Security
NEC XON has handled many ransomware attacks. We've distilled key insights and listed them in this article to better equip companies and individuals for scenarios like this, which many will say are an inevitable reality in today’s environment.

Read more...
iOCO collaboration protection secures Office 365
Information Security Infrastructure
The cloud, in general, and Office 365, in particular, have played a significant role in enabling collaboration, but it has also created a security headache as organisations store valuable information on the platform.

Read more...
Cybercriminals embracing AI
Information Security Security Services & Risk Management
Organisations of all sizes are exploring how artificial intelligence (AI) and generative AI, in particular, can benefit their businesses. While they are still figuring out how best to use AI, cybercriminals have fully embraced it.

Read more...
A strong cybersecurity foundation
Milestone Systems Information Security
The data collected by cameras, connected sensors, and video management software can make a VMS an attractive target for malicious actors; therefore, being aware of the risks of an insecure video surveillance system and how to mitigate these are critical skills.

Read more...