Cyber Threat Protection Theatre

Wed 5th Oct 14:20 to 14:50

How do you spot the insider threat?

Insiders are the new malware. Nearly every major security breach starts with an insider, or an attacker using an insider’s credentials.
2015 was a remarkable year for insider threats. It’s estimated that the average organisation suffered from 3.8 insider attacks last year and 45% of businesses can’t tell if they’ve suffered a breach. In order to combat the insider threat, organisations need to shift their focus from the perimeter to their data itself.
Organisations have to face the new reality that it is not a matter of if they will be breached, but when they will be breached. Attackers are already inside – either rightfully as an employee or contractor, or through legitimate but compromised credentials as an outside hacker. Their presence on a network wouldn’t necessarily look suspicious to IT, but their activity would likely appear anomalous. Still, users’ behaviour on many internal systems is rarely monitored or analysed.

This session will review a User Behaviour Analytics methodology for connecting disparate sets of data to detect signs of a breach, arrest the actions, and recover from the incident.

What you will take away from this session

  • What is User Behaviour Analytics and why your business should consider using it
  • Understand the different stages of an insider threat incident
  • What are the data sets and indicators to look out for that elevate otherwise indistinguishable user behaviour to indicate a serious threat in progress
  • How User Behaviour Analytics can protect you from ransomware and other malware variants


Speaker Name Profile
John Hughes View Profile

Social Media



IP EXPO | LinkedIn

The home of IP EXPO Event Series