Join our panel during Black Hat 2024 – Blurred Lines: Investigating the Convergence of Internal and External Threats



Insider Risk Insights - DTEX Blog

Workforce Cyber Intelligence 106: Nine Workforce Cyber Intelligence Use Cases

Over the past few weeks, we’ve learned all about the benefits of Workforce Cyber Intelligence. This allows organizations to learn from user and workforce behaviors to lower cybersecurity risks, improve operational efficiency, inform operational planning, and maximize IT investments without invading the privacy of employees.

For the final post of this series, we will explore how this novel approach to learning from employees enables informed business decisions by exploring the following nine use cases:

Protection from Insider Threats

Every organization has valuable assets and data that they need to protect. However, most companies focus on controls and security measures designed to stop threats from external adversaries – those outside the trusted network. But what about insider threats?

An insider threat is the risk of a security incident from a person or entity within your company. This can be an employee taking trade secrets to a new employer, a malicious insider wishing to harm the organization, or it could be a “good” employee putting company data at risk inadvertently. Since these users often have legitimate access to the information organizations strive to protect, controls for the detection of insider threats may be limited.

The goal of any defense is to stop an attack before it is completed. The “kill chain”, a military term for targeting and destroying enemy forces before and during an engagement, has been adopted by cybersecurity professionals to describe each step an attacker must complete as part of a breach. For insider threats, the kill chain includes reconnaissance, circumvention, aggregation, obfuscation, and exfiltration.

Unlike legacy solutions, Workforce Cyber Intelligence identifies patterns of behavior that indicate suspicious or malicious intent at each step of the Insider Threat Kill Chain to prevent successful breaches.

Remote Worker Security

When COVID-19 forced the virtual, Work-From-Home (WFH) model to become the norm in the spring of 2020, organizations were forced to reassess how they support the cyber safety of their employees and the security of their sensitive data without the protection of a firewall or network proxy.

The broad use of personal devices (BYOD) and non-corporate networks introduce additional security risks that expand organizational attack surfaces and weaken security posture. So too has the adoption of non-standard, and questionable browsers.

Workforce Cyber Intelligence allows IT and cybersecurity teams to monitor and analyze workforce behavior – even off the corporate network – to establish baselines that can then be monitored in real-time, without invading employee privacy. In turn, this information reveals precursors to a breach such as downloading password cracking tools and unusual access to network file locations (reconnaissance), downloading TOR browsers (circumvention), and changing file extensions (obfuscation). It can also uncover anomalous activities that could be signs of credential compromise by an outside threat or simple carelessness that suggests more training is necessary. This level of visibility is vital to corporate security, risk, and compliance programs when traditional network-based technologies are often useless.

Data Loss Prevention (DLP)

Data Loss Prevention tools help counteract efforts by employees to exfiltrate protected data. Unfortunately, DLP controls are reactive, only stopping attacks at the last point in the kill chain. The inability to predict or infer when data loss will happen means that organizations are only alerted when a known activity of a previously identified employee or a person of interest (for example, contractors) triggers their attention.

If you suspect data loss and wish to prevent it, you need to deploy a Workforce Cyber Intelligence solution to identify behaviors that indicate malicious intent long before DLP measures are triggered. In turn, this provides the digital forensic audit trail required to understand the user’s intent.

GDPR, HIPAA, and Privacy Compliance

Regulatory requirements surrounding privacy have become the norm in recent years. Specific examples governing the protection of Personally Identifiable Information (PII) and Personal Health Information (PHI) include the General Data Protection Regulation (GDPR) in the European Union (EU), HIPAA and the California Consumer Protection Act (CCPA) in the US, and the Privacy Act and PIPEDA in Canada.

Workforce Cyber Intelligence identifies early indicators of malicious activity – before a compliance violation occurs. By watching how applications and data are used in context with the user’s role and past behavior, security teams can correct innocent mistakes that could result in violations and block adversaries early in the kill chain.

The best part? This solution can be deployed in a privacy-compliant manner, where user information is anonymized until a reasonable cause is reached for “unmasking” users for further investigation.

Workforce Awareness & Wellness

It’s important to distinguish legacy workforce monitoring solutions centered on employee observation from Workforce Cyber Intelligence. When the more conventional model of employee monitoring is used, employees naturally feel questioned or even untrusted and wellness is rarely part of the output analysis. The invasive surveillance methods these solutions often employ raise privacy concerns as well.

Workforce Cyber Intelligence reveals the “blind spots” of the traditional approach presenting an alternative that maintains trust and a level of mutual protection while delivering the organization’s workforce awareness and visibility. Unlike its predecessors, Workforce Cyber Intelligence collects minimal but crucial data, anonymizes the data, and strictly controls access to the data, only alerting teams when evidence points to an active threat.

Today’s distributed, mobile, and digital enterprise makes keeping a wellness pulse on the workforce extremely challenging. Workforce Cyber Intelligence makes it possible to maintain awareness of employee wellness by monitoring digital work-related behavior, activity, and engagement without invading personal privacy. This intelligence helps IT, HR, and risk teams understand if, when, and how employees are being overworked and need additional training, and what systems are necessary to support day-to-day responsibilities.

Informing Financial and Operations Planning

Data is at the foundation of every financial exercise, including workforce expansion, productivity tools investment strategies, and tax planning. This data often comes from revenue projections, capital expenditure and operating expense statements, and hiring manager input.

Workforce Cyber Intelligence adds information on observed behavior into the financial and organizational planning process by providing visibility into workforce activities and employee choices. This enables Finance and HR teams to analyze human capital utilization trends against requests for additional staff, measure reported shortfalls in productivity against asset usage and employee engagement metrics and identify investment opportunities based on which teams are delivering beyond expectations.

Optimal Asset and License Utilization

Asset management, software license management, and even employee productivity solutions are staples in every IT organization’s toolbox. They offer effective mechanisms for tracking how, when, and where employees are utilizing IT assets such as machines, devices, and software licenses. At first glance, it may seem like your current solution is providing the whole picture, but it’s missing something critical.

Workforce Cyber Intelligence provides insight into why employees use enterprise assets by providing contextual intelligence related to employee behaviors and activities. This helps IT and procurement teams analyze the human habits that drive and disrupt workflows to gain a better understanding of what’s working, what’s not working, and how they can adapt their strategies to support a more productive and higher-performing workforce.

Employee Engagement

Workforce Cyber Intelligence offers leaders, HR teams, and employees a new way of tracking engagement in today’s virtual workplace. Gone are the days when managers and HR teams could simply interview candidates in-person, meet regularly for lunch to discuss projects, and sit in a conference room to perform quarterly performance reviews. Traditional people management models were aging out long before COVID-19. Likewise, many other methods of collecting employee feedback have been rendered out of date and less effective in today’s digital workplace.

Behavioral intelligence helps employees become aware of how they spend their time, what applications they use most, and how they compare to their peers. For leaders and HR professionals, this intelligence provides important and useful insights as they analyze team performance, help employees identify professional development opportunities, and create hiring and organizational growth strategies.

Reducing Legal Liability

Traditionally, employees are expected to conduct personal activities on personal time. But when the line between work hours and personal time is blurred, employee behaviors can trigger bigger issues than just declining engagement and productivity at work. Behavior raising high levels of liability against the corporate brand, fellow employees, or boards of directors like browsing adult sites, visiting the dark web, or trading personal novelties can’t be tolerated – so how can an employer strike a balance between protecting corporate information and employee privacy?

Workforce Cyber Intelligence can discover and collect the information necessary to stop the liability, even while protecting employee privacy, so personal behaviors that put an organization at risk can be addressed.

Do any of these use cases apply to your organization? Interested in diving in deeper to explore how Workforce Cyber Intelligence can benefit your organization? We would love to hear from you! Feel free to reach out to me at [email protected], follow us on LinkedIn or contact us on Twitter at @DtexSystems to spark a conversation.

In the meantime, check out our latest Workforce Cyber Intelligence case studies and some real-world examples of how organizations are benefitting from DTEX’s solutions.

You can always download the full Workforce Cyber Intelligence for Dummies book.