Page 74 - Cyber Defense eMagazine December 2023
P. 74
Monitoring bias affects how businesses analyze insider risks, resulting in errors that can prevent
identifying potential threats. This type of discrimination comes in many forms:
1. Unequal Monitoring: Monitoring specific members of your organization without holding others to
the same standard can result in low visibility of vulnerabilities that, when spotted, can prevent
insider threats.
2. Selective Attention: Concentrating on specific actions or behaviors instead of considering other
risk indicators.
3. Attribution Bias: Judging specific employees or departments as presenting a heightened or
lowered risk for an organization without considering their behaviors is attribution bias. This leads
to inaccuracies when developing risk profiles.
4. Group Identity Bias: Stereotyping employees and assuming they present a higher risk based on
their backgrounds can generate inaccurate assessments of their level of risk.
5. Confirmation Bias: Monitoring bias can cause organizations to believe data that supports
preconceived assumptions is far more trustworthy than it is, resulting in a lack of focus on
contradictory information.
These biases can inadvertently make security teams fail to see risky activities from other employees,
partners, or threat actors. The Intelligence and National Security Alliance finds that unfounded monitoring
of individuals due to biases can lead to issues like:
• Increased risk from unfounded confidence due to threat hunters and SOC teams concentrating
on the wrong issues and individuals.
• Wasted resources from spending too much time observing the wrong users due to biases.
• Legal liability if protected groups are wrongfully monitored due to biases or privacy laws are
violated.
• Reputational damage due to unfavorable news reports because of biased investigations.
Legacy Approaches Don’t Address Bias
Older, legacy Data Loss Prevention and Insider Risk Management solutions use dated blueprints to run
locally within organizational firewalls. These solutions often only utilize keystroke logging, screen
recording, or web monitoring for users individually, therefore losing sight of the “bigger picture” and
promoting bias.
Cyber Defense eMagazine – December 2023 Edition 74
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.