Page 57 - Cyber Defense eMagazine January 2024
P. 57

2.  Selective Attention: Concentrating on specific actions or behaviors instead of considering other
                   risk indicators.
               3.  Attribution  Bias:  Judging  specific  employees  or  departments  as  presenting  a  heightened  or
                   lowered risk for an organization without considering their behaviors is attribution bias. This leads
                   to inaccuracies when developing risk profiles.
               4.  Group Identity Bias: Stereotyping employees and assuming they present a higher risk based on
                   their backgrounds can generate inaccurate assessments  of their level of risk.
               5.  Confirmation  Bias:  Monitoring  bias  can  cause  organizations  to  believe  data  that  supports
                   preconceived  assumptions  is  far  more  trustworthy  than  it  is,  resulting  in  a  lack  of  focus  on
                   contradictory information.

            These  biases  can inadvertently  make  security  teams fail  to see risky  activities  from other  employees,
            partners, or threat actors. The Intelligence and National Security Alliance finds that unfounded monitoring
            of individuals due to biases can lead to issues like:

               •  Increased  risk from unfounded  confidence  due to threat hunters  and SOC teams concentrating
                   on the wrong issues and individuals.
               •  Wasted resources from spending too much time observing the wrong users due to biases.
               •  Legal  liability  if  protected  groups  are  wrongfully  monitored  due  to  biases  or  privacy  laws  are
                   violated.
               •  Reputational damage due to unfavorable news reports because of biased investigations.



            Legacy Approaches Don’t Address Bias

            Older, legacy Data Loss Prevention and Insider Risk Management solutions use dated blueprints to run
            locally  within  organizational  firewalls.  These  solutions  often  only  utilize  keystroke  logging,  screen
            recording,  or  web  monitoring  for  users  individually,  therefore  losing  sight  of  the  “bigger  picture”  and
            promoting bias.




            Eliminate Bias and Improve Data Protection

            It is best practice to reduce bias when monitoring employees by pinpointing activities involving sensitive
            data  that  can  jeopardize  sensitive  information.  Using  technology  that  anonymizes  employees  while
            monitoring  activities  to  maintain  organizational  security  is crucial  for  eliminating  bias.  This  monitoring
            technology  still  allows  teams  to  unveil  users  displaying  suspicious  activity  by  providing  ‘scoped
            investigations,’  giving  audited  data  access  to  investigators  with  limited  access  to  maintain  privacy
            regulations.

            Protecting and identifying employee information helps security teams detect risks without the interference
            of bias. This form of anonymity in monitoring provides teams with a holistic view of organizational activities
            that help detect threats and reduce monitoring  bias, supporting  an impartial management  program that
            employees can trust.






            Cyber Defense eMagazine – January 2024 Edition                                                                                                                                                                                                          57
            Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.
   52   53   54   55   56   57   58   59   60   61   62