Workforce Cyber Intelligence 104: Examining Protection Against External & Internal Threats

We’ve now crossed the halfway mark in our Workforce Cyber Intelligence blog series. While we’ve covered a lot of ground across our first three posts, there’s still plenty to come!

Last week, we shared the importance of user privacy and trust. This week, we’re shifting gears to examine protections for both employees and employers. Most people understand how collecting data on user behaviors through Workforce Cyber Intelligence benefits employers, but the benefits to employees are not as obvious.

Protection for the Employer

The employer-employee relationship is one of shared interest and trust. Employers depend on employees to produce or to perform, while employees expect compensation and respect at their jobs. If an employer is inclined to monitor its workforce, it should do so with the goal of protection: to keep employees safe, to prevent data loss and to maintain operational resiliency.

Once Big Brother-like productivity monitoring and behavioral analysis tools are deployed across the enterprise, privacy and trust become valid employee concerns. As a result, team members may have questions, including whether the data gathered will be used to evaluate their individual performance and productivity. Today’s leading organizations recognize this invasive monitoring to be counterproductive, understanding that protection of sensitive data – not productivity monitoring – is the top priority.

Luckily, behavior analysis and workforce monitoring can coexist and even flourish alongside privacy and security to detect malicious insiders, as well as compromised and negligent users. Additionally, these insights can help to stop data loss stemming from external attacks against trusted employees. Here’s how:

  • Highlighting anomalies to the baseline – It’s crucial to set a baseline for activity and to determine what’s standard, everyday behavior in order to spot differences when they occur. Identifying anomalies, or “now versus then,” means defining a baseline to serve as the standard against which current activity is compared, so that analysis can provide reasonable feedback on any event.

When monitoring a system for policy violations, traditional solutions watch for certain events and activities (triggers) that may require more attention. Examples include prohibited software discovered running or a user saving sensitive data to a portable flash drive. However, this approach doesn’t account for what may be normal or acceptable behavior for specific departments or job roles. This can lead to high volumes of false positives and require continuous maintenance of rules and special conditions.

By baselining user activity and identifying outliers, IT teams can surface the events that actually warrant attention. Unlike monitoring a system through network traffic and logs, monitoring user activity directly from endpoints reveals naturally occurring behaviors, routines and work habits. Only over time can those behaviors be classified as predictable or anomalous. That unique working profile for individuals, roles and departments becomes a baseline against which outlier activities are readily identified.
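The contrast between a fixed trigger and a per-user baseline can be shown in a few lines. This is an added example, not code from the original post or from any product; the user tokens, role labels, daily counts, the fixed limit of 50 and the use of a median/MAD score as the baseline method are all assumptions made for illustration.

```python
from statistics import median

# Constructed sample data: files copied to removable media per day.
# User IDs are pseudonymous tokens; role labels are hypothetical.
HISTORY = {
    "u-01a (media-ops)": [118, 125, 121, 130, 119, 124, 122, 127, 120, 123],
    "u-02b (finance)": [2, 3, 1, 4, 2, 3, 2, 1, 3, 2],
}
TODAY = {"u-01a (media-ops)": 126, "u-02b (finance)": 40}

STATIC_LIMIT = 50   # hypothetical one-size-fits-all trigger
Z_CUTOFF = 3.5      # widely used cutoff for the modified z-score


def static_trigger(today, limit=STATIC_LIMIT):
    """Rule-based check: flag anyone over a fixed count, whatever their role."""
    return sorted(user for user, count in today.items() if count > limit)


def robust_z(history, value):
    """Modified z-score from median and MAD; past spikes barely shift it."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    if mad == 0:  # perfectly flat history: any change is an outlier
        return 0.0 if value == med else float("inf")
    return 0.6745 * (value - med) / mad


def baseline_outliers(history, today, cutoff=Z_CUTOFF, min_days=5):
    """Flag users whose activity today departs from their own baseline."""
    flagged = []
    for user, value in today.items():
        past = history.get(user, [])
        if len(past) < min_days:  # too little history to baseline yet
            continue
        if abs(robust_z(past, value)) > cutoff:
            flagged.append(user)
    return sorted(flagged)


if __name__ == "__main__":
    print("static trigger :", static_trigger(TODAY))
    print("baseline       :", baseline_outliers(HISTORY, TODAY))
```

The fixed limit flags the media-ops user on an ordinary day and misses the finance user, whose 40 copies are far outside a history of one to four per day; the baseline check reverses both results.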

  • Understanding threats to the employee – Profiling user behavior doesn’t require intrusive or invasive monitoring. However, to establish a baseline against which one can identify activity that doesn’t conform to an employee’s normal profile, one must collect some information. Fortunately, private user content is not collected, user identities can be anonymized, and Workforce Cyber Intelligence will still remain highly effective.

Having accurate and reliable user behavior intelligence lends itself to protecting both the employer and employee. Knowing what types of threats exist helps a company implement security controls to mitigate risk. Likewise, knowing the threats targeting personnel helps employees strengthen their own defenses. The key is looking holistically at risk from a behavior perspective to reduce analyst bias and preserve an employee’s fundamental right to privacy.

Protection for the Employee

To expand on this a bit more, Workforce Cyber Intelligence protects employees in many ways. This comes as a result of increased security awareness, smarter engagement and fewer violations or incidents and the corresponding interruptions. Having a clean and unalterable audit trail provides non-repudiation and defense for the employee – and on top of that – the benefit of protection against external threats.

  • Exonerating Employees from Malicious Activity – Employees are an attractive target to malicious actors and are subject to constant exploitation attempts. People, by their nature, want to be helpful and trusting. These are the underlying human traits that enable social engineering. The risk here has increased as a result of the COVID-19 pandemic and the shift to remote work at home. It’s crucial that security teams adapt to this new paradigm, accounting for the decreased effectiveness of network-based security solutions. Otherwise, they risk getting taken advantage of by bad actors.

However, there are a few ways in which Workforce Cyber Intelligence protects employees against these threats. Take, for example, phishing attempts. Intelligent monitoring of user behavior can identify changes in user activity including unusual system access, mass downloads of files and abnormal file renaming. Workforce Cyber Intelligence understands that these activities are anomalous to a specific employee’s normal behavior based on past activity, their role and their use of that data.

Through an investigation, it can be determined that these activities began when the employee opened an email and attachment from an external sender and a PowerShell command was executed. Not only does this clear the employee of possible malicious activity, but it helps to quickly identify the external actor, malware and other rogue code that may now be on internal systems before exfiltration occurs. Workforce Cyber Intelligence greatly reduces the chances of any employee jeopardizing the company’s security posture and transforms the employee from the organization’s weakest link to its first line of defense.
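The walk-back from anomalous activity to its starting point, as described above, can be sketched as a timeline query. This is an added example, not code from the original post or from any product; the event names, the tuple layout, the `corp.example` mail domain, the timestamps and the 30-minute window are all hypothetical.

```python
from datetime import datetime, timedelta

INTERNAL_DOMAINS = {"corp.example"}  # assumption: the organization's mail domain
ANOMALIES = {"unusual_system_access", "mass_file_download", "bulk_file_rename"}

# Constructed timeline for one pseudonymous user: (timestamp, event, detail).
EVENTS = [
    ("2024-03-04T09:02:11", "email_attachment_open", "hr@corp.example"),
    ("2024-03-04T10:14:37", "email_attachment_open", "billing@invoices.example.net"),
    ("2024-03-04T10:14:52", "process_start", "powershell.exe"),
    ("2024-03-04T10:21:05", "unusual_system_access", "fileserver-02"),
    ("2024-03-04T10:26:40", "mass_file_download", "312 files"),
    ("2024-03-04T10:31:18", "bulk_file_rename", "312 files"),
]


def trace_origin(events, window=timedelta(minutes=30)):
    """Walk back from the first anomalous event to a likely external trigger."""
    timeline = sorted((datetime.fromisoformat(t), e, d) for t, e, d in events)
    first = next((ev for ev in timeline if ev[1] in ANOMALIES), None)
    if first is None:
        return {"verdict": "no_anomaly"}
    # Only events shortly before the first anomaly are candidate triggers.
    prior = [ev for ev in timeline if first[0] - window <= ev[0] < first[0]]
    mail = next((ev for ev in prior if ev[1] == "email_attachment_open"
                 and ev[2].split("@")[-1] not in INTERNAL_DOMAINS), None)
    shell = next((ev for ev in prior if ev[1] == "process_start"
                  and ev[2].lower() == "powershell.exe"
                  and mail is not None and ev[0] > mail[0]), None)
    if mail and shell:
        return {"verdict": "external_trigger", "sender": mail[2],
                "started": mail[0].isoformat(),
                "anomalies_from": first[0].isoformat()}
    return {"verdict": "needs_review", "anomalies_from": first[0].isoformat()}


if __name__ == "__main__":
    print(trace_origin(EVENTS))
```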

Workforce Cyber Intelligence is not one-sided; it benefits both employers and employees for the various reasons outlined above. As a result, smart, forward-thinking and technology-first organizations are already seeking these solutions. That being said – there’s still more to learn as we blaze the trail that is Workforce Cyber Intelligence!

Interested in continuing this educational course? Check back in next week as we’ll be diving into how Workforce Cyber Intelligence is improving operational efficiency with workforce visibility to introduce opportunities for employees.

Can’t wait until then? You can always download the full Workforce Cyber Intelligence for Dummies eBook for additional insight now.