Turning cybersecurity inside out

A user behavioural intelligence system can protect an organisation from its biggest security threat – the unwitting activities of staff


Enterprises are boosting their spending on the latest security solutions to protect themselves and their customers from data breaches. Spending on cybersecurity is expected to top $1 trillion from 2017 to 2021, according to the Cybersecurity Market Report.

Yet companies still face crippling data losses as sensitive information leaks out of their systems or is stolen by hackers.

It would be easy to assume that cyberattacks are highly sophisticated operations targeting the perimeter of these organisations. But most of these breaches occur through the simplest of paths – a vulnerable employee. According to the 2015 Verizon Data Breach Investigation Report, people are the root cause in 90 per cent of security incidents that result in data breaches.

This may be down to negligence where a member of staff has fallen for a phishing attack, opened a dodgy attachment or clicked on an infected file.

More worrying are malicious cases, where staff actively try to steal information from their companies. Staff may also fall foul of credentials thieves, bad actors either inside or outside the organisation trying to steal their identity. This allows data thieves to break into a network to steal information or intellectual property, or carry out acts of fraud in someone else’s name.

Most data security products focus on protecting the perimeter and keeping intruders out, but pay little attention to insider risks.

By using a system known as “user behavioural intelligence”, organisations can track the computer activities of their staff and use machine-learning algorithms to predict when they are likely to commit a data breach, innocently or intentionally. The system works by analysing the typical behaviour of users and looking for unusual activities or abnormal practices. The system predicts whether an abnormal activity is likely to lead to a data breach and informs the organisation.

The system acts as an early-warning system for breaches, identifying when an individual is behaving out of character in a way which could potentially lead to a data loss

If a user starts accessing a file or area of the network in contravention of the user policy, maybe at an unusually late hour or in a way is out of character for their natural behaviour, this will be quickly identified by the system. The organisation determines a scoring system for abnormal acts with the user behavioural intelligence provider and each unusual activity is scored as it happens. When the behaviour reaches a certain threshold, the system alerts the organisation that a potential data breach is likely. Remedial action can then be taken.

The system acts as an early-warning system for breaches, identifying when an individual is behaving out of character in a way which could potentially lead to a data loss. This is an effective way of keeping track of the activities of individual members of staff without compromising their privacy.

Dtex, a Silicon Valley-based company which is growing fast in the UK, has developed a sophisticated user behavioural intelligence system. It is lightweight for the user and effective for the organisation.

“One of the most significant enterprise security challenges is getting the visibility needed to defend against the wide range of insider threats, says Mark Coates, vice president, Europe, the Middle East and Africa, at Dtex Systems. “Our top priority at Dtex is helping enterprises eliminate insider threats by delivering real-time visibility and intelligence with an approach that is agile, scalable and seamlessly integrates with today’s modern security environments.”

The Dtex system uses a library of thousands of bad behaviours that enables it to create a baseline of what is acceptable digital behaviour to identify suspicious activities quickly.

Dtex works with the Williams Formula 1 team. This is an organisation that needs carefully to guard its core intellectual property, the design of its car, as well as data shared with their technology partners. The challenge is that this is a very transient industry employing a revolving door of highly paid designers, developers and engineers.

The cybersecurity system needs to keep all the data inside the organisation, as well as stopping users from bringing outside information into their network. The last thing a Formula 1 team wants is for an employee to bring intellectual property into the network from another team as this could open them up to massive liabilities. Using the Dtex system, such dangers are forestalled and any potentially dangerous digital behaviour is quickly identified and prevented.

User behavioural intelligence is evolving fast. The systems are increasing their contextual analysis and understanding of users’ intentions. Increasingly sophisticated machine-learning capabilities are allowing organisations to strike a better balance between privacy, productivity and their security.

The new generation of cybersecurity systems needs agile, lightweight tools. They must become increasingly accurate and focus on finding the right data rather than simply more data. They need to analyse staff both on and off the corporate network effectively, and they must be compliant with new privacy laws and the imminent European Union General Data Protection Regulation.

Dtex is developing fast and embedding new capabilities into its system. This offers organisations a rapid, agile and lightweight method of protecting data from the biggest threat – the unwitting activities of their own staff.

For more information please visit dtexsystems.com