Insider threats are one of the most significant risks to modern businesses. The past decade has seen considerable advances in external threat prevention technology, meaning organizations today are better equipped than ever to protect themselves from cybercrime. However, with insider threats on the rise, the need for improved internal threat prevention has become startlingly apparent.
User and entity behavior analytics (UEBA) solutions have fast become the gold standard in insider threat prevention, detecting and analyzing anomalous user and entity behaviors in an organization’s system or network and alerting security teams. They utilize various data sources such as log files, network traffic, and user activity logs to establish a baseline of normal behavior for individuals and entities, then alert security teams to deviations from that norm.
However, while UEBA tools are undoubtedly effective, organizations must recognize that they are not a set-it-and-forget-it solution. Security teams must supplement their UEBA solutions with positive deterrence initiatives, security awareness training, and other cybersecurity tools.
This article will examine positive deterrence and how it can supplement UEBA solutions to reduce insider risk.
What is Positive Deterrence?
Positive deterrence is a security and criminology concept that encourages individuals to refrain from engaging in harmful or illegal activities by creating positive incentives and promoting personal responsibility. It aims to prevent wrongdoing by fostering a supportive and secure environment rather than relying solely on punishment. From a cybersecurity perspective, security teams could incorporate positive deterrence into their security awareness training initiatives.
Effective positive deterrence initiatives must include the following:
- Incentives and Rewards: Positive deterrence emphasizes using incentives and rewards to encourage desirable behavior. By offering benefits, recognition, or opportunities for advancement, individuals are motivated to make choices that align with the organization’s goals and values.
- Education and Awareness: Positive deterrence involves educating individuals about harmful behavior’s potential risks and consequences. By raising awareness and providing knowledge about the impact of their actions, individuals can make informed decisions and understand the benefits of adhering to rules and regulations.
- Trust and Relationships: Building trust between individuals and the organization is crucial for positive deterrence. When individuals feel valued, respected, and supported, they are more likely to act in ways that align with the organization’s interests. Positive relationships and effective communication contribute to a culture of accountability and responsibility.
- Empowerment and Engagement: Positive deterrence encourages individuals to take ownership of their actions and actively contribute to maintaining a secure environment. By empowering individuals through training, involvement in decision-making processes, and giving them a voice, they become stakeholders in security and are more likely to take responsibility for their actions.
- Proactive Measures: Positive deterrence focuses on proactive measures to prevent misconduct. It emphasizes implementing preventive strategies such as security awareness programs, regular risk assessments and controls that discourage individuals from engaging in harmful activities.
Why Supplement UEBA with Positive Deterrence?
As we’ve already established, UEBA solutions are the first choice for many organizations seeking to reduce insider risk. However, UEBA solutions are invasive by nature and, without positive deterrence initiatives, could easily disgruntle employees and even motivate staff to become insider threats.
More than anything, organizations must convey what a UEBA solution is and why they are using one. Doing so will nip any sordid rumors in the bud and ensure that staff are clear on what the organization uses the collected data for. It’s imperative to reassure employees that the data collected for UEBA solutions is solely for security purposes and will never reach the HR department or be brought up in performance reviews. Staff don’t want to feel like their employer is always looking over their shoulder; the days of the panopticon are long gone, and organizations must not use cybersecurity as an excuse to bring it back.
Similarly, organizations that choose to implement UEBA must supplement it with positive deterrence; UEBA implementation will have a negative impact on employee goodwill, and organizations must address that. Positive deterrence initiatives work to rebuild employee goodwill and ensure that staff feel valued and that their efforts don’t go unnoticed.
Essentially, UEBA solutions prevent insider threats as and when they occur, but positive deterrence prevents them from happening at all. This prevention is incredibly valuable for security teams. Whenever a security team must investigate or mitigate an insider threat, that’s a drain on their time and resources, even if they’re using an automated solution like UEBA. It is far more time and cost adequate to stop insider threats at the source with positive deterrence.
As insider threats continue to pose a significant risk to organizations, it is crucial to supplement UEBA solutions with positive deterrence initiatives. While UEBA tools effectively detect and analyze anomalous behaviors, organizations must proactively foster a supportive and secure environment to prevent insider threats from occurring in the first place. Positive deterrence strategies, such as incentives, education, trust-building, empowerment, and proactive measures, work with UEBA to promote responsible behavior and mitigate insider risk. By combining these approaches, organizations can strengthen their security posture, reduce the likelihood of insider threats, and save valuable time and resources that organizations would otherwise spend on incident response and mitigation.