1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

IDG Contributor Network: Detecting low and slow insider threats

Discussion in 'CSO' started by RSS, May 19, 2016.

  1. RSS

    RSS New Member Member

    In my last post I discussed how machine learning could be used to detect phishing-based account compromise attacks using a real-world use case from the recent Verizon Data Breach Digest. This time I’ll examine how to detect insider threats using similar techniques.

    The example I’ve chosen involves an organization in the middle of a buyout that was using retention contracts to prevent employee attrition. To find out what other employees were being offered, a middle manager acquired IT administrator credentials from a colleague and friend. He used these credentials to access the company’s onsite spam filter and spy on the CEO’s incoming email. The abuse didn’t stop there. The same credentials were also used to browse sensitive file shares and conduct other unauthorized actions.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page