Page 56 - Cyber Defense eMagazine January 2024
P. 56
Addressing Bias in Insider Risk Monitoring
By Chris Denbigh-White, Chief Security Officer, Next
Preventing the loss of sensitive information can be difficult for organizations. Enterprises often take
similar steps to protect data from internal and outside threats, where teams analyze activities to identify
potential risks. Security operations centers (SOCs) defending against these threats must look at
employees, partners, and threat actors through a similar lens to pinpoint potential data leaks. However,
when surveilling for insider threats, there is the added concern of potential bias.
Defining Monitoring Bias
Monitoring bias is the unfounded, often discriminatory observation of specific employees or departments
irrespective of their conduct. This can generate unsupported, negative conclusions about the credibility
and trust an organization should have about an employee or department, resulting in intrusive monitoring.
Conversely, it can lead to data leaks if biases prevent other employees from being adequately monitored.
Monitoring bias affects how businesses analyze insider risks, resulting in errors that can prevent
identifying potential threats. This type of discrimination comes in many forms:
1. Unequal Monitoring: Monitoring specific members of your organization without holding others to
the same standard can result in low visibility of vulnerabilities that, when spotted, can prevent
insider threats.
Cyber Defense eMagazine – January 2024 Edition 56
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.