The recent Sony hack attack tells us that a data breach could inflict huge damage and embarrassment on a company. Investigators haven’t ruled out the possibility of a disgruntled ex-employee behind the attack.
One way to prevent your employees from stealing your company’s data is to detect anomalous behavior coming from an employee: online behavior and even offline computer behavior that strays outside the line, that’s a little unexpected.
This is called anomaly detection, and it can help prevent a data breach. But it’s easier said than done, because this technology is relatively new. It’s part of a realm called data science. Data science spots behavior that’s not considered reasonable, that somehow deviates from an established norm. This is the first step in detecting a threat.
A fine balance must be established so that the detection doesn’t go overboard and start over-flagging benign behavior, yet at the same time, doesn’t miss behavior that’s being committed by a fraudster…subtle shifts from the norm.
Companies don’t want too many alerts, which can blur what’s really going on, desensitizing the effect of the anomaly detection. There have been cases in which a genuine anomaly was detected (and eventually a data breach occurred), but so many red flags were raised that the threat got lost in the muddle, essentially the boy crying wolf.
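The balance described above can be seen in a small added example (not part of the original article). It scores each user's activity today against that user's own baseline and shows how the alert count changes with the threshold. The user names, daily counts and thresholds are constructed, and the median/MAD scoring is one common choice, not a method the article names.

```python
from statistics import median

# Constructed sample data: files opened per day by four hypothetical users
# over a 10-day baseline window, then the count observed today.
BASELINE = {
    "alice": [40, 42, 38, 45, 41, 39, 44, 40, 43, 42],
    "bob":   [5, 7, 6, 5, 8, 6, 7, 5, 6, 7],
    "carol": [100, 180, 90, 210, 120, 95, 200, 110, 190, 105],
    "dave":  [20, 22, 19, 21, 20, 23, 18, 21, 20, 22],
}
TODAY = {"alice": 47, "bob": 60, "carol": 230, "dave": 26}


def robust_score(history, value):
    """How far `value` sits from this user's own norm, in robust z-score units.

    Median and MAD are used instead of mean and standard deviation so that a
    few unusual days in the baseline do not stretch the definition of normal.
    """
    med = median(history)
    mad = median([abs(x - med) for x in history])
    # 1.4826 scales MAD to match a standard deviation for normal data.
    # Assumption: a perfectly flat baseline (MAD == 0) falls back to scale 1.
    scale = 1.4826 * mad if mad else 1.0
    return (value - med) / scale


def alerts(threshold):
    """Users whose activity today exceeds `threshold`, highest score first."""
    scored = [(u, robust_score(BASELINE[u], TODAY[u])) for u in TODAY]
    flagged = [(u, round(s, 2)) for u, s in scored if s > threshold]
    return sorted(flagged, key=lambda pair: pair[1], reverse=True)


if __name__ == "__main__":
    # Same data, three thresholds: too low floods the team, too high misses.
    for threshold in (2.0, 5.0, 40.0):
        hits = alerts(threshold)
        print(f"threshold {threshold:>4}: {len(hits)} alert(s) {hits}")
```

Carol's 230 is the largest raw count but scores below dave's 26, because her baseline is naturally wide. A single fixed limit on raw counts would rank those two the other way round.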
When an anomalous action is detected, the next step is to notify the security team to investigate hands-on. And there are two more steps: alert the suspicious user’s boss and outright stop the user from having any access to the company’s system. The threat must be well-understood, with evidence gathered to present to the user in question.
Ideally, companies want to not only accurately detect genuine threats (no false alarms) but also know how to effectively respond to and handle the threats. There must be rhyme and reason, structure and methodology to anomaly detection: a follow-through plan.
Anomalous behavior detection is a blossoming field of technology that’s come a long way, but has a long way to go. It’s far from perfect, but businesses desperately need it. It’s preventive medicine. It’s worth the investment and ongoing refinements. No company should be without it.
Meanwhile, protect yourself from account takeover if an insider gets your data: