Bloomberg Government reported in the 2017 fiscal year that federal agencies could commit more than $1 billion on countermeasures for insider threats. Whether that number turned out to be accurate or not, it highlights the priority that the federal government is placing on protecting its information and data from being infiltrated…from the inside.
Insider threats remain one of the biggest issues for government information security. These threats come not only from employees who use or sell their access to information for personal gain, but also from staff who mismanage data in ways that put it at risk.
Analytics to thwart insider threats
Insider threats present agencies with a multi-tiered problem that has no clear answer. Like most large governmental problems, removing, or even greatly reducing, insider threats will take a range of solutions, tools and policies across many levels of government.
Analytics can be one of those solutions, reducing insider threats through a number of techniques, including:
- Anomaly detection. This uncovers abnormal patterns in user behavior. Agencies can gain an understanding of what constitutes normal behavior, and identify instances when a user’s activity strays too far from that baseline.
- Rules-based filtering. Unlike traditional rules-based approaches that can suffer from rampant false positives, an analytics-based method weighs the pertinence of possible anomalies. Instead of sending an alert every time something seems off, the system can assess each anomaly's value, adding business context to prioritize potential risks.
- Predictive models. As its name suggests, predictive modeling looks at past data to find trends for the future. This is not just identifying past patterns, but using information about past behavior and applying it to new information to make assessments.
- Network analysis. Network analytics detects patterns and connections that indicate potential new threats or collusive behavior. The system can notify analysts as soon as a new threat occurs, allowing investigators to focus their attention on the most serious issues.
These analytics tools can provide government officials with information and visibility into nefarious activity. This information can be used to guide decisions, support policy changes, and empower analysts to get to the heart of insider threat activity.
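The first two techniques in the list above can be combined, as in this added example (not from the original article or any vendor product): each user's activity is scored against that user's own baseline, then weighted by business context so that alerts are ranked instead of all fired. The user names, counts, and sensitivity weights are constructed for illustration.

```python
from statistics import median

# Constructed sample data: files accessed per day over a 10-day baseline window.
HISTORY = {
    "alice": [40, 42, 38, 45, 41, 39, 43, 40, 44, 42],
    "bob":   [5, 7, 6, 5, 8, 6, 7, 5, 6, 7],
    "carol": [120, 130, 110, 125, 118, 122, 128, 115, 121, 119],
}
# Constructed observations for the day being scored: (files accessed, data sensitivity).
TODAY = {"alice": (47, "public"), "bob": (30, "restricted"), "carol": (160, "internal")}
# Hypothetical business-context weights; a real deployment would derive these from policy.
SENSITIVITY_WEIGHT = {"public": 0.5, "internal": 1.0, "restricted": 2.0}

def robust_z(value, history):
    """Modified z-score against the user's own baseline. Median and MAD are
    used so that a few past outliers do not inflate the baseline."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    mad = max(mad, 1.0)  # floor avoids division by zero for very steady users
    return 0.6745 * (value - med) / mad

def prioritize(history, today, anomaly_threshold=3.5):
    """Return (user, priority) pairs above the threshold, highest priority first."""
    alerts = []
    for user, (count, sensitivity) in today.items():
        z = robust_z(count, history[user])
        if z < anomaly_threshold:  # only unusually high activity is flagged here
            continue
        # Business context scales the statistical score into a triage priority.
        alerts.append((user, round(z * SENSITIVITY_WEIGHT[sensitivity], 2)))
    return sorted(alerts, key=lambda a: a[1], reverse=True)

if __name__ == "__main__":
    for user, priority in prioritize(HISTORY, TODAY):
        print(f"{user}: priority {priority}")
```

In this sample, carol's raw increase (about 40 files) is larger than bob's (24), yet bob ranks first because the jump is far outside his own baseline and touches restricted data; alice's small rise stays below the threshold and produces no alert.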
Using Data for Good
The role of analytics in government was a key talking point at the recent SAS Federal Open House, not only in relation to how analytics can help reduce insider threats, but also in how using analytics for this task fits into the greater movement to use government data for good.
Analytics have traditionally been seen as a way to save money and improve operations, but they can provide valuable insights into almost every aspect of government work. Insider threats are a perfect example. By using analytics to reduce insider threats, federal agencies can spend less money recovering from large cybersecurity breaches.
While it is difficult to find exact numbers, it is believed that the breach at the Office of Personnel Management will cost the government more than $1 billion. Breaches are expensive, not only to try to make the victims whole, but to repair obviously broken systems. Data analytics can provide a valuable tool in helping discover and mitigate insider threats, and their costly consequences.