Profiling Analytics to Combat Insider Data Theft

Izenda Tech Blog logoState-sponsored cyberattacks and criminal gangs constantly pose external threats to online security for companies worldwide. However, what happens if the “enemy,” as the old cartoon strip character Pogo would say, is “us?”

Financial services giant Morgan Stanley learned that lesson recently in a high-profile case of insider data theft. The company fired an employee in its wealth management division who they say stole “partial client data,” with the account information of about 900 clients “briefly posted on the Internet.” The breach did not include Social Security numbers or account passwords, the company said.

Few Companies Take Extra Steps

Companies have long set up firewalls and other defenses to protect their internal data from external theft. Security inside the company is a different matter. While companies use firewalls, identity access management and intrusion detection technologies with their workers, few companies take the extra steps to ensure stronger security.

The Wall Street Journal recently reported on profiling employees’ digital work activities as another component of company security. Profiling analytics “may be the best bet in preventing data theft by internal employees gone rogue,” according to the article. However, one analyst told The Journal that fewer than 100 companies use such technology.

How Profiling Could Be Used

For example, profiling analytics could alert IT to major changes in how an employee is using company records. If the worker averages accessing 50 company files a day and that number skyrockets into the hundreds of thousands of records, then something could be amiss. Profiling technology could also flag potential problems by comparing the worker’s search records to those of co-workers. Or if the worker is accessing data that is off-limits or not related to their job, such technology could alert IT security.

In the Morgan Stanley case, the former employee reportedly went through the account records of some 350,000 of the firm’s clients. The company has declined to comment on what security safeguards it had in place.

Profiling Normal Behavior to Find Abnormal

The start-up Fortscale Security Ltd. uses “machine-learning algorithms to search for anomalies in employees’ computer work activities.” “Only by profiling what is normal behavior can you spot abnormal behavior,” CEO Idan Tendler, who is a former agent of Israel’s cyberwarfare group, told The Journal.

When thinking of insider data theft, one logicially thinks of Edward Snowden, the former National Security Agency contractor who stole and later disclosed government secrets about electronic surveillance. It’s not surprising that Tendler has been getting more calls since Snowden went public in 2013.

With such cases of insider data theft getting major attention, expect more companies to focus on solutions to protecting their data.

Get modern, embedded — and secure – self-service reporting in your business applications with Izenda.