The Lockdown

Thycotic’s Cyber Security Blog

U Behave Yourself… or consider User Behavior Analytics

Written by Damon Tompkins

March 9th, 2017

Get a load of this: an alarming 57 percent of Americans believe that they know as much, or more, about cybersecurity as their IT Directors, according to a comprehensive survey conducted on behalf of Blumberg Capital. This same group of individuals reported that keeping their work passwords secure (10 percent) is only a little more important than keeping their online dating passwords secure (9 percent). Shiver me Tinders! And for what it’s worth, only 7 percent reported that keeping their online nude photos secure was important (well, at my age I’m not sure who would want them anyways. But I digress.)

Survey responders also reported that changing their password was the best remedy after a cyberattack, which is something most never do unless they have forgotten what it is (and even then, most only change it to a variation of the original—say, Password1* to Password2*—so most hackers can guess it in eight tries or less). Moreover, 45 percent of survey responders admitted that they wouldn’t know that they have been affected by a cyber-crime unless they were informed by a vendor or by government authorities.

Now, the point of quoting all of these statistics isn’t to put the spotlight on how much end user education needs to be done; after all, we’ve tried that for years and it doesn’t work. Most workers see tasks associated with security as getting in the way of their productivity or, if we are being honest, they’re just being lazy.

So, it’s no wonder that the weakest link in any security story is human.

This makes it abundantly clear that the job of keeping the enterprise safe belongs to IT, the CIO and, ultimately, the CEO. And this is in a world where not only hackers from without and within, but also opportunistic contractors, are actively going after the lifeblood of your company.

While the responsibility for protecting the enterprise is a huge burden to place on one individual, team, or department, there are great strategies and tools available that equip these managers with super powers.

Mitigating risk is a good place to start, and some tools are available at low or no cost. For example, business users might be very willing to check the strength of their passwords if it is easy and free.

IT can take control of vulnerable passwords with weak password finders as well as by setting rules around LUA (least-privileged user account), which dictates that all user accounts at all times, on all endpoints, should run with as few privileges as possible, and also launch applications with as few privileges as possible. Tools like Thycotic’s Endpoint Privileged Access Security (EPAS) Suite can make this easy.

Risks from super user accounts, system administrator accounts and others who have privileged access can be mitigated via privileged account management tools that are available both on-premises and in the cloud.

While solutions like these are vital, understanding user behavior and anomalies is essential if you’re going to catch a criminal in the act, before the damage is done. This is where User Behavior Analytics (UBA) comes into play. The best solutions leverage big data analytics to baseline user behavior and then throw up red flags when abnormal behavior occurs.

The abnormal behavior is detected by running sophisticated analytics and algorithms against streaming data feeds and then displaying the findings in a user dashboard. That way, if an information security analyst or systems administrator discovers, for example, that the CFO is checking account balances and transferring funds at 3 AM Monday morning, security might look into why this unusual behavior is occurring.

If the CFO happens to be traveling in Europe, then that may be just fine: it’s the beginning of the work day there. But if the CFO is in town and typically doesn’t log in after 6 PM, there could be a problem–something that warrants a closer look.
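The CFO scenario above can be sketched as a per-user time-of-day baseline. This is an added example, not code from the original post or from any Thycotic product; the UTC offsets, the `min_share` threshold, and the idea that the user's current location is known (for instance from a travel record) are assumptions, and all login data is constructed.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

HOME_OFFSET = -5    # assumed: CFO's home office is at UTC-5
EUROPE_OFFSET = 1   # assumed: travel destination is at UTC+1

def local_hour(ts_utc, utc_offset):
    """Hour of day where the user is located, not where the server is."""
    return (ts_utc + timedelta(hours=utc_offset)).hour

def build_baseline(events):
    """events: (user, ts_utc, utc_offset) tuples -> {user: Counter of local hours}."""
    baseline = {}
    for user, ts_utc, utc_offset in events:
        baseline.setdefault(user, Counter())[local_hour(ts_utc, utc_offset)] += 1
    return baseline

def is_anomalous(baseline, user, ts_utc, utc_offset, min_share=0.02):
    """Flag a login whose local hour (+/- 1h, wrapping at midnight) is rare for this user."""
    hours = baseline.get(user)
    if not hours:
        return True  # no history for this account, so nothing to call normal
    h = local_hour(ts_utc, utc_offset)
    nearby = sum(hours[(h + d) % 24] for d in (-1, 0, 1))
    return nearby / sum(hours.values()) < min_share

# Constructed history: 20 days of CFO logins at 08:00, 12:00 and 17:00 home time.
START = datetime(2017, 2, 6, tzinfo=timezone.utc)
HISTORY = [("cfo", START + timedelta(days=d, hours=h - HOME_OFFSET), HOME_OFFSET)
           for d in range(20) for h in (8, 12, 17)]
BASELINE = build_baseline(HISTORY)

# Constructed event: Monday 2017-03-06, 3 AM at the home office (08:00 UTC).
EVENT = datetime(2017, 3, 6, 8, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    print("in town:", is_anomalous(BASELINE, "cfo", EVENT, HOME_OFFSET))
    print("in Europe:", is_anomalous(BASELINE, "cfo", EVENT, EUROPE_OFFSET))
```

The same login is flagged when the CFO is at home and passes when the known location is Europe, which is why the location context has to feed the baseline rather than be checked by hand afterwards.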

Of course, figuring all of this out takes time and, in a perfect world, an imposter CFO would be stopped before he got a look at the bank account. This is what the next generation of UBA tools will do. And we’re almost there, but there’s a fine line involved that only enterprise cyber security officers and vendors working together can define. How much risk do you want to take? Every organization needs to figure out at what point a user needs to be blocked.

As for those online photos, you should consider JBY. Just Behave Yourself 😉

