The greatest asset becomes the biggest risk

Issue 1 2022 Cyber Security

It's never been more important to protect employees from cyber-attacks while also mitigating the risk they pose as trusted insiders. The erosion of the cyber perimeter as a result of new virtual workforce models necessitates a new approach, one that baselines activities and behaviours and protects employees by highlighting anomalies.


John Mc Loughlin.

Companies deploy multiple security, intelligence and productivity monitoring tools in the hopes of working smarter and safer. However, none of these solutions focus on the humans driving day-to-day operations.

Dtex offers the world’s first Workforce Cyber Intelligence Platform, capturing hundreds of elements of behavioural telemetry to produce dynamic 'Indicators of Intent' and deliver holistic, real-time awareness about the workforce’s activities – without invading personal privacy.

It also empowers business owners to easily see, understand and act on contextual intelligence using scoring frameworks proven to stop insider threats, prevent data loss, maximise software investments and protect the workforce, wherever they may be.

Workforce Cyber Intelligence is a new approach to enterprise data collection and analysis that focuses on understanding how, when, why, where and for how long employees and third parties interact with data, machines, applications and their peers as they perform their job responsibilities to create a safer, smarter and more secure enterprise.

Workforce Cyber Intelligence is designed for today’s modern, distributed workforce model. It provides complete visibility into user and account activity, keeping all data anonymous to protect privacy and only shining a light on abnormal or inefficient behaviours that indicate risks and areas for operational improvement.

It is critical to ensure employees know that personal activities and behaviours that don't directly increase organisational risk, cause cultural conflict, or limit successful operations remain private and anonymous.

People are the heartbeat of every organisation, so the human factor is the most important element of a business’ ability to operate effectively and safely. The enterprise workforce’s behaviour, habits and interactions ultimately determine opportunities and threats, the investments that contribute to efficiency or waste, how and where risks emerge and if compliance mandates are met.

Dtex’s Workforce Cyber Intelligence Platform enables organisations better understand their workforce, protect their data and make human-centric operational investments.

The ideas of employee monitoring, insider threat detection, data loss prevention (DLP), User Activity Monitoring (UAM) and human risk management aren’t new. The greatest challenge is improving security and operational performance in a way that benefits both the company and the employee. The best solution protects sensitive information and employee privacy.

Privacy

Employees are increasingly aware of and diligent in understanding how employers monitor work activities and behaviours. Employees want to know that personal activities and behaviours remain private and anonymous unless those activities directly increase organisational risk, cause cultural conflict, or limit successful operations. This is a fair ask of employees and becoming a major factor in compliance regulations and mandates.

Gathering and analysing data

One may think that it is easy to gather a lot of data for analysis, discover some findings and report on them. Unfortunately, it's not, the process is straightforward, but the mechanics present challenges. Collecting user data often involves overtaxing endpoints and the network and consequently impeding end-user productivity.

Analysis of the captured data carries fears of data misuse and privacy infringement, not to mention wasted resources on false positives and 'noise'. Noise is information that calls attention to insignificant findings that present little or no risk. Noise can overwhelm and mask true threats and is a distraction for scarce security resources.

Managing access and perception

Arguably one of the tougher challenges of collecting user data and monitoring the workforce is the workforce’s perception of an organisation’s motivation. When employees hear about monitoring, their initial impression is negative. Changing those perceptions requires openness and assurance that any data being collected is intended to protect individuals, sensitive data and the organisation and is handled in the most secure, private and respectful way possible.

Privacy will be the primary concern to alleviate. In addition to regulatory requirements, protecting employees’ privacy is crucial if you want to have employee engagement and partnership. Managing access to the collected data is another challenge to overcome. Information on individual employees should be anonymised and unmasked only on a strict need-to-know basis.

Data minimisation is a critical prerequisite to privacy. Invasive surveillance such as keystroke logging and screen capture, as well as the collection of user content such as emails and instant messages, isn’t required to detect insider risks and protect organisational data. Employees don’t want corporate IP leaked on purpose or by accident.

Protection for the employee

Workforce Cyber Intelligence protects employees in many ways, including increased security awareness, smarter engagement and fewer violations or incidents and the corresponding interruptions. Having a clear and unalterable audit trail provides non-repudiation and defence for the employee. But perhaps the biggest benefit is simply protection against external threats.

Employees are an appealing target of malicious actors and are subject to constant exploitation attempts. People by their nature want to be helpful and trusting and these are the underlying human traits enabling social engineering.

Businesses need to shift their focus and learn from the workforce by observing employees' interactions with data, systems and machines and using that intelligence to improve performance.


Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Be aware of privacy and cybercrimes issues
Security Services & Risk Management Cyber Security Retail (Industry)
Artificial intelligence (AI) is being deployed to help shoppers make better choices, but retailers must be aware of their obligations under personal privacy and cybercrimes laws.

Read more...
Poor router security makes SMBs vulnerable to attack
Cyber Security
While major malware and ransomware incidents frequently make headlines in the media, router vulnerabilities are not as frequently publicised, but the outcomes of these violations could be immensely damaging.

Read more...
Cybercriminals eye South African SMEs lack of security
Cyber Security
Just as a business owner wouldn’t underinsure a tangible business asset such as a factory, SMEs shouldn’t leave their digital assets unlocked and in plain sight of criminals.

Read more...
Harnessing the power of AI-driven XDR
Cyber Security
According to AIMultiple, 90% of infosec personnel in the U.S. and Japan said they’re anticipating an increase in these automated attack campaigns, due in no small part to the public availability of AI research.

Read more...
Be prepared for the increase in reconnaissance
Cyber Security
Because ransomware has become so lucrative, cybercriminals are becoming more devious and putting significantly more energy into reconnaissance.

Read more...
Cybereason expands presence across sub-Saharan Africa
News Cyber Security
Cybereason has appointed Chantél Hamman as its new channel director focused on growing the company’s presence across sub-Saharan Africa.

Read more...
How to weather the approaching perfect storm
Cyber Security
Cybercrime is spiking and security skills are scarce, and small and medium enterprises (SMEs) are particularly vulnerable as the financial impact of falling victim to these security breaches can result in their total collapse.

Read more...
Cyber resilience is more than security
Industrial (Industry) Cyber Security IT infrastructure
Kate Mollett, regional director at Commvault Africa advises companies to guard against cyberattacks in the shipping and logistics sector using an effective recovery strategy.

Read more...
Preventing cyberattacks on critical infrastructure
Industrial (Industry) Cyber Security
Cyberattacks have the potential to disrupt our lives completely, and in instances where critical national infrastructure is attacked, they could disrupt the country’s entire economy, leading to loss of life and livelihoods.

Read more...
Cybersecure surveillance cameras
HiTek Security Distributors News CCTV, Surveillance & Remote Monitoring Cyber Security
Provision-ISR builds customer trust and opens up new opportunities with Check Point Quantum IoT Protect Firmware built into Provision-ISR cameras.

Read more...