Page 57 - Cyber Defense eMagazine January 2024
2. Selective Attention: Concentrating on specific actions or behaviors instead of considering other
risk indicators.
3. Attribution Bias: Judging specific employees or departments as presenting a heightened or
lowered risk for an organization without considering their behaviors is attribution bias. This leads
to inaccuracies when developing risk profiles.
4. Group Identity Bias: Stereotyping employees and assuming they present a higher risk based on
their backgrounds can generate inaccurate assessments of their level of risk.
5. Confirmation Bias: Monitoring bias can cause organizations to believe data that supports
preconceived assumptions is far more trustworthy than it is, resulting in a lack of focus on
contradictory information.
These biases can inadvertently cause security teams to miss risky activities by other employees,
partners, or threat actors. The Intelligence and National Security Alliance finds that unfounded monitoring
of individuals due to biases can lead to issues like:
• Increased risk from unfounded confidence due to threat hunters and SOC teams concentrating
on the wrong issues and individuals.
• Wasted resources from spending too much time observing the wrong users due to biases.
• Legal liability if protected groups are wrongfully monitored due to biases or privacy laws are
violated.
• Reputational damage due to unfavorable news reports because of biased investigations.
Legacy Approaches Don’t Address Bias
Older, legacy Data Loss Prevention and Insider Risk Management solutions use dated blueprints to run
locally within organizational firewalls. These solutions often only utilize keystroke logging, screen
recording, or web monitoring for users individually, therefore losing sight of the “bigger picture” and
promoting bias.
Eliminate Bias and Improve Data Protection
It is best practice to reduce bias when monitoring employees by focusing on activities that can
jeopardize sensitive data. Using technology that anonymizes employees while monitoring activities
to maintain organizational security is crucial for eliminating bias. This monitoring technology still
allows teams to identify users displaying suspicious activity by providing ‘scoped investigations,’
which give investigators audited, limited data access so that privacy regulations are upheld.
Protecting and identifying employee information helps security teams detect risks without the interference
of bias. This form of anonymity in monitoring provides teams with a holistic view of organizational activities
that help detect threats and reduce monitoring bias, supporting an impartial management program that
employees can trust.
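The sketch below is an added example, not code from the article or from any product: it scores constructed events by action and data sensitivity only, shows analysts keyed pseudonyms instead of names, and unmasks one user per case through an audited, threshold-gated lookup. The key, weights, threshold, event fields, and function names are all assumptions made for illustration.

```python
import hashlib
import hmac
from collections import defaultdict

PSEUDONYM_KEY = b"constructed-demo-key"  # assumption: held by a privacy officer, not analysts

# Constructed sample events: (user, action, data sensitivity label)
EVENTS = [
    ("alice@example.com", "upload_personal_cloud", "confidential"),
    ("alice@example.com", "upload_personal_cloud", "confidential"),
    ("bob@example.com", "open_file", "public"),
    ("carol@example.com", "copy_to_usb", "restricted"),
    ("alice@example.com", "email_external", "restricted"),
]

# Risk weights depend only on the action and the data, never on who the user is.
ACTION_WEIGHT = {"open_file": 0, "email_external": 2, "upload_personal_cloud": 3, "copy_to_usb": 3}
DATA_WEIGHT = {"public": 0, "confidential": 2, "restricted": 3}


def pseudonym(user: str) -> str:
    """Keyed, stable token so activity correlates per user without exposing identity."""
    return "user-" + hmac.new(PSEUDONYM_KEY, user.encode(), hashlib.sha256).hexdigest()[:12]


def score_events(events):
    """Return ({pseudonym: score}, {pseudonym: identity}); analysts see only the scores."""
    scores, vault = defaultdict(int), {}
    for user, action, label in events:
        token = pseudonym(user)
        vault[token] = user
        scores[token] += ACTION_WEIGHT[action] * DATA_WEIGHT[label]
    return dict(scores), vault


def scoped_reveal(token, scores, vault, investigator, case_id, audit_log, threshold=10):
    """Unmask one pseudonym for one case, only above threshold, and always audit the request."""
    allowed = scores.get(token, 0) >= threshold
    audit_log.append({"investigator": investigator, "case": case_id,
                      "token": token, "granted": allowed})
    return vault[token] if allowed else None


if __name__ == "__main__":
    scores, vault = score_events(EVENTS)
    audit = []
    for token, score in sorted(scores.items(), key=lambda kv: -kv[1]):
        print(token, score, scoped_reveal(token, scores, vault, "analyst-1", "CASE-001", audit))
```

Denied reveal requests are written to the audit log as well, so attempts to look up a user without a supporting risk score remain visible to reviewers.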
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.