Page 74 - Cyber Defense eMagazine December 2023
P. 74

Monitoring  bias  affects  how  businesses  analyze  insider  risks,  resulting  in  errors  that  can  prevent
            identifying potential threats. This type of discrimination comes in many forms:




               1.  Unequal Monitoring: Monitoring specific members of your organization without holding others to
                   the same standard can result in low visibility of vulnerabilities that, when spotted, can prevent
                   insider threats.
               2.  Selective Attention: Concentrating on specific actions or behaviors instead of considering other
                   risk indicators.
               3.  Attribution Bias: Judging specific employees or departments as presenting a heightened or
                   lowered risk for an organization without considering their behaviors is attribution bias. This leads
                   to inaccuracies when developing risk profiles.
               4.  Group Identity Bias: Stereotyping employees and assuming they present a higher risk based on
                   their backgrounds can generate inaccurate assessments of their level of risk.
               5.  Confirmation  Bias:  Monitoring  bias  can  cause  organizations  to  believe  data  that  supports
                   preconceived  assumptions  is  far  more  trustworthy  than  it  is,  resulting  in  a  lack  of  focus  on
                   contradictory information.



            These biases can inadvertently make security teams fail to see risky activities from other employees,
            partners, or threat actors. The Intelligence and National Security Alliance finds that unfounded monitoring
            of individuals due to biases can lead to issues like:


               •  Increased risk from unfounded confidence due to threat hunters and SOC teams concentrating
                   on the wrong issues and individuals.
               •  Wasted resources from spending too much time observing the wrong users due to biases.
               •  Legal  liability  if  protected  groups  are  wrongfully  monitored  due  to  biases  or  privacy  laws  are
                   violated.
               •  Reputational damage due to unfavorable news reports because of biased investigations.



            Legacy Approaches Don’t Address Bias

             Older, legacy Data Loss Prevention and Insider Risk Management solutions use dated blueprints to run
            locally  within  organizational  firewalls.  These  solutions  often  only  utilize  keystroke  logging,  screen
            recording,  or  web monitoring  for  users  individually,  therefore  losing  sight  of  the “bigger  picture”  and
            promoting bias.












            Cyber Defense eMagazine – December 2023 Edition                                                                                                                                                                                                          74
            Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.
   69   70   71   72   73   74   75   76   77   78   79