Data analytics and the battle to stop insider threats

Insider threats are a big problem for government, but can be thwarted with analytics. Flickr image by Mike MacKenzie

Bloomberg Government reported in the 2017 fiscal year that federal agencies could commit more than $1 billion to countermeasures for insider threats. Whether or not that number turned out to be accurate, it highlights the priority the federal government places on protecting its information and data from being infiltrated from the inside.

Insider threats remain one of the biggest issues for government information security. These threats come not only from employees who use or sell their access to information for personal gain, but also from staff who mismanage data in ways that put it at risk.

Analytics to thwart insider threats

Insider threats present a multi-tiered problem for agencies without a clear answer. Like most large governmental problems, removing, or even greatly reducing, insider threats will take a range of solutions, tools and policies across many levels of government.

Analytics can be one of those solutions, reducing insider threats through a number of techniques, including:

  • Anomaly detection. This uncovers abnormal patterns in user behavior. Agencies can gain an understanding of what constitutes normal behavior, and identify instances when a user’s activity strays too far from that baseline.
  • Rules-based filtering. Unlike traditional rules-based approaches that can suffer from rampant false positives, an analytics-based method weighs the pertinence of possible anomalies. Instead of sending an alert every time something seems off, the system can decide its value, adding business context to prioritize potential risks.
  • Predictive models. As its name suggests, predictive modeling looks at past data to find trends for the future. This is not just identifying past patterns, but using information about past behavior and applying it to new information to make assessments.
  • Network analysis. Network analytics detects patterns and connections that indicate potential new threats or collusive behavior. The system can notify analysts as soon as a new threat occurs, allowing investigators to focus their attention on the most serious issues.
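To make the first two techniques concrete, here is an added example (not from the article or from any SAS product) that scores each user's activity against that user's own baseline and then weights the result by business context before ranking alerts. The user names, counts, threshold and weights are all constructed assumptions.

```python
from statistics import mean, stdev

# Constructed baseline: daily document-download counts per user.
BASELINE = {
    "alice": [12, 15, 11, 14, 13, 12, 16],
    "bob":   [40, 38, 45, 42, 41, 39, 44],
    "carol": [5, 6, 4, 5, 7, 5, 6],
}

# Constructed events for the day being scored. "sensitive" and "off_hours"
# stand in for the business context a rules layer would supply.
TODAY = [
    {"user": "alice", "downloads": 14, "sensitive": False, "off_hours": False},
    {"user": "bob",   "downloads": 60, "sensitive": False, "off_hours": False},
    {"user": "carol", "downloads": 12, "sensitive": True,  "off_hours": True},
]

Z_THRESHOLD = 3.0  # assumed cut-off for "strays too far from the baseline"


def z_score(history, value):
    """Standard deviations between value and the user's own historical mean."""
    mu, sigma = mean(history), stdev(history)
    return 0.0 if sigma == 0 else (value - mu) / sigma


def context_weight(event):
    """Assumed weights: sensitive data and off-hours access raise priority."""
    weight = 1.0
    if event["sensitive"]:
        weight *= 2.0
    if event["off_hours"]:
        weight *= 1.5
    return weight


def prioritize(baseline, events, threshold=Z_THRESHOLD):
    """Return (score, user) pairs for anomalous events, highest priority first."""
    alerts = []
    for event in events:
        history = baseline.get(event["user"], [])
        if len(history) < 2:
            continue  # no usable baseline yet; handle new users separately
        z = z_score(history, event["downloads"])
        if z >= threshold:
            alerts.append((round(z * context_weight(event), 1), event["user"]))
    return sorted(alerts, reverse=True)


if __name__ == "__main__":
    for score, user in prioritize(BASELINE, TODAY):
        print(f"{user}: priority {score}")
```

On this sample, bob's raw deviation is larger than carol's, but carol's off-hours access to sensitive data ranks her alert first, and alice's normal day produces no alert at all.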

These analytics tools can provide government officials with information and visibility into nefarious activity. This information can be used to guide decisions, support policy changes, and empower analysts to get to the heart of insider threat activity.


Using Data for Good

The role of analytics in government was a key talking point at the recent SAS Federal Open House, not only in relation to how analytics can help reduce insider threats, but also in how using analytics for this task fits into the greater movement to use government data for good.

Analytics have traditionally been seen as a way to save money and improve operations, but they can provide valuable insights into almost every aspect of government work. Insider threats are a perfect example. By using analytics to reduce insider threats, federal agencies can spend less money recovering from large cybersecurity breaches.

While it is difficult to find exact numbers, it is believed that the breach at the Office of Personnel Management will cost the government more than $1 billion. Breaches are expensive, not only to try to make the victims whole, but to repair obviously broken systems. Data analytics can provide a valuable tool in helping discover and mitigate insider threats, and their costly consequences.


About Author

Jen Dunham

Manager, Customer Advisory Global Technology Practice

Jen leads a team of specialized experts in technology, data science and analytics transformation that focus on helping SAS clients leverage cloud analytics and innovative business outcomes. The Global Technology Practice (GTP) helps organizations realize their advanced analytic strategy through innovation labs that highlight the value of SAS Viya. The team specializes in the Analytics Lifecycle, bridging the gaps between data through decisioning, data science and analytics. Jen holds the CFE (Fraud Examiner) certification from Association of Certified Fraud Examiners (ACFE), with subject matter expertise in Defense, Intelligence and Law Enforcement. Jen served seven years Active Duty Army as an All-Source Intelligence Analyst, following two decades of work with various government agencies leveraging her investigative analytic skills to assist national and public security organizations adopt analytic technologies and employ advanced analytic tradecraft.
