Blending technology and human skill can create a “watchful eye” within organizations that pinpoints troublemakers faster.

Researchers in government and industry are combining advanced analytics with traditional detective work to quash dangerous cyberthreats from within. Instead of searching for a silver-bullet solution to stop the insider threat, they are adopting an approach that consolidates information from multiple events to give earlier warning of problems.

For roughly a decade, the U.S. Defense Department and related agencies have struggled to contain insider cyberthreats. A few watershed breaches have happened in recent years, but they are far from isolated. As a result, defense leaders have attempted to institute policies that incorporate oversight principles while recognizing user privacy concerns. But progress toward a complete, proactive and robust program has remained slow.

Overall, the federal government has approached this problem in a relatively piecemeal fashion. In 2012, the White House established the National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs, which set minimum requirements for agency programs; the same requirements were later extended to cleared contractors through the National Industrial Security Program Operating Manual (NISPOM). Among the requirements were designating an insider threat senior official; conducting self-assessments of internal threat programs; training program personnel and raising general threat awareness; and monitoring network activity.

The military has deployed its own protective measures. The U.S. Navy, for example, in March launched the Random Counterintelligence Polygraph Program, which subjects privileged users and higher risk personnel to random polygraph tests. The idea is to deter individuals with malicious intent who are authorized to access classified information, networks and systems.

Unfortunately, the silver-bullet solution remains elusive. The scope and complex dynamics of insider attacks demand a far more intricate and comprehensive response. The limitations of the policies and programs described here make this clear. These policies and programs represent steps in the right direction, but they reflect a check-box approach that can lead to complacency. Agencies can lapse into a “policy blindness” mindset that deceives them into a false sense of security.

Take the random polygraph program. The polygraph itself is far from foolproof, and because the program targets malicious intent it says nothing about “accidental insiders.” These are users who are entirely unaware of how their risky behaviors (sharing passwords, leaving laptops open in plain view in public places and clicking on links sent by suspicious parties) place their networks in jeopardy. Negligent employees account for 52 percent of data loss issues, while malicious employees cause just 22 percent, according to the SANS Institute.

Another hindrance involves reliance on traditional, narrowly focused user behavior analytics (UBA). Security teams create baselines for normal user behavior and then apply algorithms and statistical analysis to distinguish anomalies from what is “normal”; anomalies suggest potential threats. The problem with this approach is that narrowly focused UBA alerts security teams to a single threat-related event in isolation, for example an employee’s unauthorized access of sensitive data, without relating it to the other signals that would tell an analyst whether that event is part of a larger pattern.

Fortunately, a more holistic strategy—one that combines the human capacity for gumshoe-type inquiry with the science of analytics—is beginning to take hold. Today, through continuing research, organizations are examining numerous data sets well beyond those related to single events and turning to expanded analytics to better manage threats. They are becoming better positioned to counter insider threats through the four D’s: defend, detect, decide and defeat.
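The contrast between single-event UBA and the consolidated, multi-signal view described above, shown as an added example rather than anything from the article or from any vendor's product. The baseline history, today's counts, the event types (off_hours_login, usb_mount, external_email_attachment), the signal weights and the escalation threshold are all constructed for illustration; a real program would derive weights from its own case history. One user trips the classic per-event threshold on a single large spike; another stays under it on every individual measure yet scores highest once her weak signals are combined, which is the kind of case a single-event alert never surfaces:

```python
"""Single-event UBA beside multi-signal consolidation (constructed data, not from the article)."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed 14-day baseline of daily sensitive-file reads per user.
HISTORY = {
    "alice": [3, 4, 2, 5, 3, 4, 3, 2, 4, 3, 5, 4, 3, 4],
    "bob":   [20, 18, 22, 25, 19, 21, 23, 20, 18, 24, 22, 21, 19, 20],
    "carol": [2, 3, 2, 4, 3, 2, 3, 4, 2, 3, 3, 2, 4, 3],
}
# Constructed observations for today.
TODAY_READS = {"alice": 4, "bob": 46, "carol": 5}
# Constructed same-day signals from other sources; the type names are hypothetical.
TODAY_EVENTS = [
    {"user": "bob", "type": "off_hours_login"},
    {"user": "bob", "type": "usb_mount"},
    {"user": "carol", "type": "off_hours_login"},
    {"user": "carol", "type": "usb_mount"},
    {"user": "carol", "type": "external_email_attachment"},
]
# Hypothetical weights an analyst might assign to each weak signal.
WEIGHTS = {"off_hours_login": 1, "usb_mount": 2, "external_email_attachment": 3}
ESCALATE_AT = 5  # hypothetical "decide" threshold for handing a case to an investigator


def zscore(history, value):
    """Standard score of today's count against the user's own baseline."""
    mu, sigma = mean(history), pstdev(history)
    if sigma == 0:  # flat baseline: any change at all is unprecedented
        return 0.0 if value == mu else float("inf")
    return (value - mu) / sigma


def uba_alerts(history=HISTORY, today=TODAY_READS, threshold=3.0):
    """Narrowly scoped UBA: one alert per user whose count sits >= threshold sigma above baseline."""
    return sorted(u for u, v in today.items() if zscore(history[u], v) >= threshold)


def access_points(z):
    """Fold the access anomaly into the score: strong spike 3, weak spike 1, otherwise 0."""
    return 3 if z >= 3 else 1 if z >= 2 else 0


def risk_scores(history=HISTORY, today=TODAY_READS, events=TODAY_EVENTS):
    """Consolidated view: sum every signal per user and keep the reasons for the analyst."""
    scores = defaultdict(int)
    reasons = defaultdict(list)
    for user, count in today.items():
        z = zscore(history[user], count)
        pts = access_points(z)
        if pts:
            scores[user] += pts
            reasons[user].append(f"sensitive reads {count} vs baseline (z={z:.1f})")
    for ev in events:
        scores[ev["user"]] += WEIGHTS.get(ev["type"], 0)
        reasons[ev["user"]].append(ev["type"])
    ranked = sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(u, s, reasons[u]) for u, s in ranked]


def escalations(threshold=ESCALATE_AT, **kw):
    """Users whose consolidated score warrants a human investigation."""
    return [u for u, s, _ in risk_scores(**kw) if s >= threshold]


if __name__ == "__main__":
    print("single-event UBA alerts:", uba_alerts())
    for user, score, why in risk_scores():
        print(f"{user}: {score} <- {', '.join(why)}")
    print("escalate:", escalations())
```

With this data the per-event check flags only bob, whose read count is more than ten standard deviations above his own baseline. carol's reads are under three standard deviations, so she never appears in that list, but once the weak signals are summed she outranks bob and both are handed to an investigator together with the list of reasons. That list is the handoff point to the human inquiry the article describes: the analytics narrow the field, and the detective work decides whether the pattern is negligence, a compromised account or intent.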

See how CyberCore’s COREPROTECT solution can provide holistic Insider Threat visibility and mitigation for your organization using a defense-in-depth methodology.

Reprinted from SIGNAL Magazine, Valez, D. (2016, July), “New Analytics Research Could Help Thwart the Insider Threat,” with permission of Signal Magazine. Copyright (2016). All rights reserved.