Monitoring User Behavior

Monitoring is one area where CIOs need to step up their game, said Jay Heiser, Research Vice President with Gartner, Inc. Many organizations have been putting more effort into “locking the doors,” he said, than in detecting whether those doors have been circumvented.

“It feels good to put more locks on the doors, but if someone comes in through the windows, what’s the point?” he asked. “If there is any change based on this year’s dramatic failures, it’s a renewed appreciation for the benefits of monitoring.”

Some organizations are taking advantage of behavioral intrusion detection programs that look for anomalies in the way users work in systems. IT must have a good handle on what is considered normal baseline behavior so it can look for a spike in activity that might be a sign of something malicious happening.

“If you normally have 5,000 logins a week and you suddenly see 15,000, you have to drill into that to figure out what’s going on,” Media Ocean’s Baker said. In the past, a small, temporary spike in activity might be shrugged off as a blip, but these days, CIOs are scrambling to investigate anything remotely unusual. In many cases, it’s not about preventing or addressing the obvious hack, it’s about trying to sniff out the subtle attack that may go undetected.

“You are less likely to see a little spike and say, ‘Let’s wait and see if it reoccurs,’” Baker said. “You have to take any spike in activity and think, ‘This could potentially be something going on.’”
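One way to turn the baseline idea above into a repeatable check, as an added example that is not from the original article: each week's login total is scored against the median and median absolute deviation (MAD) of recent normal weeks. The weekly counts are constructed sample data, and the function names, the 8-week window and the 3.5 threshold are assumptions.

```python
from statistics import median

# Constructed sample data: weekly login totals around a 5,000/week baseline.
WEEKLY_LOGINS = [4950, 5100, 4980, 5020, 5060, 4900, 5010, 5080,
                 5040, 5400, 4990, 15000, 5030]

def spike_score(history, observed):
    """Modified z-score of `observed` against the median/MAD of `history`."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    # 1.4826 * MAD estimates the standard deviation for normal data.
    # The fallback for a perfectly flat history (MAD == 0) is an assumption.
    scale = 1.4826 * mad or max(1.0, 0.01 * med)
    return (observed - med) / scale

def review_weeks(counts, window=8, threshold=3.5):
    """Return (week_index, logins, score) for weeks outside the baseline."""
    if len(counts) <= window:
        raise ValueError("need more than `window` weeks to build a baseline")
    normal = list(counts[:window])   # assumed-clean learning period
    alerts = []
    for week, observed in enumerate(counts[window:], start=window):
        score = spike_score(normal[-window:], observed)
        # abs() also catches sudden drops, e.g. a log source going quiet.
        if abs(score) >= threshold:
            alerts.append((week, observed, round(score, 1)))
        else:
            # Only unflagged weeks feed the baseline, so a spike cannot
            # quietly become the new "normal".
            normal.append(observed)
    return alerts

if __name__ == "__main__":
    for week, logins, score in review_weeks(WEEKLY_LOGINS):
        print(f"week {week}: {logins} logins, score {score} -> investigate")
```

On the sample data this flags the jump to 15,000 and also the smaller rise to 5,400, the kind of "little spike" that would otherwise be waved off as a blip.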

The question then becomes, how can an organization without the appropriate resources and/or skill sets keep up? In most cases they can’t, or, in almost all cases, it makes more financial sense to look for outside help. Many companies, particularly small and medium-sized businesses that may not have the resources to hire on-site IT security specialists, are seeking help from third-party security contractors.

Security-savvy and compliance-conscious organizations use outside security service providers for intrusion detection and other security assessments, including regular attempts to hack into the system in a controlled manner. These outside security services companies are trying to find anything that’s publicly exposed that could be an entryway. It’s highly recommended that, aside from what an organization does on its own, it has a third party perform tests. You live just in your world, but they live and breathe security.
