Menu

Professional    Learning    Academy

From the experts in Telecommunication, Cyber Security, Big Data and IoT

icon icon

Learn Cellular Wireless communication technology, its architecture and management

icon icon

 

Learn construct of Information security management system in a simple way

icon icon Learn application of Big data analytics in Internet of things domain

Why do we need people risk assessment for cyber defence

The recent technology advancement has raised the cyber threats to new level. And hence the technology for cyber threat management has also evolved. If data science and artificial intelligence technology is used for SocialMobilityAnalyticsCloudIoT (SMACI), the same is also used to manage the cyber threats.

But, can we win the war against cyber threat actors with technology deployment alone. Look at the following incidents:  

  1. data breach in Bupa caused the leakage of personal details of 547,000 customers who signed up to their international health insurance plan. The Culprit? A Rogue Worker
  2. Another example resembling the people risk is the instance of Alphabet, Google's Parent Company. It filed the lawsuit again its former employee Anthony Levandowski, who is now working with Uber. He has the accusation of copying more 14000 internal files and taking it to his new employer.

Although the case is far from getting its final verdict, yet there is an intense urge to discuss how to identify such insider threats and perform their risk assessment.

 

The industries with dedicated budgets for tackling security breaches are financehealthcare and education. All of these industries suffer extremely from insider attacks, from stealing sensitive medical information to loss of money.

While talking to few of the industry veterans, I found out that although  they knew about insider threats, but doing very little about it. All of us equivocally believe that internal employee  is the biggest risk for information breach. Then why not we focus on building the culture of ‘BE AWARE and BEWARE’.  Security is a team work, let alone CISO can do nothing.

Why people risk assessment is must for Organization

   •     Undetection of insider threats for an indefinite period. The longer duration it takes to detect a security breach, higher will be the remediation cost. Identification of insider threats is a difficult task, that why the cost incurred in it is quite expensive.

   •     Differentiation between abnormal and normal activity. This aspect is quite challenging as its discovery is not a piece of cake. If your employee is working with some sensitive data, it will be tough for you to say whether he is performing a malicious activity or not.

   •     Wrapping of mistake for deception. A tech guy who knows his stuff will try to conceal his abnormal action by doing some manipulation with log files.

   •     Rigidness in proving guilt. Suppose if you found the culprit, they can make an excuse that they did it by mistake and will go easily without getting their deeds punished. Such case is impossible to prove for guilt.

Take this moment to think. "How much irresistible your company does look to mischievous insider "

Really knowing your employees on your team will help you in determining behavioral patterns which can improve your cybersecurity. Being aware of your workers' behavior enables you to manage their risk to your business. You don't need to monitor every minute detail but an assessment will safeguard your cybersecurity.

What to do to ensure protection

   •     Training of staff on a regular interval to build robust security culture.

   •     Consistent People Risk Assessment also ensures the weakest link to become stronger.

   •     Introduction of strong and robust security policies to take care of unpredictable danger.

   •     Eradication of communication barriers between different departments of your organization by doing team-building activities.

The crown jewel of your insider threat detection and safeguarding arsenal is people risk assessment software. Such tools allow you to check any potential danger in its original context and see exactly what occurred – whether it was a malicious action, inadvertent fault, or nothing at all.

Being an advisor at Kratikal Technology, while envisioning our product strategy, we felt this is a less addressed area of cyber security and came out with a product called People Risk Assessment.

I invite you to test our product  for your organizational people risk assessment, follow through actions, awareness campaigns through our unique Software BOT  based on AI and finally enahance your SOC capability through its plugin

Pl do reach me at kn.basudevan@kratikal.com or rankone visit our  People Risk Assessment page for setting up a demo.

Go Back

Comment

Blog Search

Comments


Blog Archive