Addressing Bias in Insider Risk Monitoring
Chris Denbigh-WhiteChris Denbigh-White

Addressing Bias in Insider Risk Monitoring

By Chris Denbigh-White, Chief Security Officer, Next

Preventing the loss of sensitive information can be difficult for organizations. Enterprises often take similar steps to protect data from internal and outside threats, where teams analyze activities to identify potential risks. Security operations centers (SOCs) defending against these threats must look at employees, partners, and threat actors through a similar lens to pinpoint potential data leaks. However, when surveilling for insider threats, there is the added concern of potential bias.

Defining Monitoring Bias

Monitoring bias is the unfounded, often discriminatory observation of specific employees or departments irrespective of their conduct. This can generate unsupported, negative conclusions about the credibility and trust an organization should have about an employee or department, resulting in intrusive monitoring. Conversely, it can lead to data leaks if biases prevent other employees from being adequately monitored.

Monitoring bias affects how businesses analyze insider risks, resulting in errors that can prevent identifying potential threats. This type of discrimination comes in many forms:

  1. Unequal Monitoring: Monitoring specific members of your organization without holding others to the same standard can result in low visibility of vulnerabilities that, when spotted, can prevent insider threats.
  2. Selective Attention: Concentrating on specific actions or behaviors instead of considering other risk indicators.
  3. Attribution Bias: Judging specific employees or departments as presenting a heightened or lowered risk for an organization without considering their behaviors is attribution bias. This leads to inaccuracies when developing risk profiles.
  4. Group Identity Bias: Stereotyping employees and assuming they present a higher risk based on their backgrounds can generate inaccurate assessments of their level of risk.
  5. Confirmation Bias: Monitoring bias can cause organizations to believe data that supports preconceived assumptions is far more trustworthy than it is, resulting in a lack of focus on contradictory information.

These biases can inadvertently make security teams fail to see risky activities from other employees, partners, or threat actors. The Intelligence and National Security Alliance finds that unfounded monitoring of individuals due to biases can lead to issues like:

  • Increased risk from unfounded confidence due to threat hunters and SOC teams concentrating on the wrong issues and individuals.
  • Wasted resources from spending too much time observing the wrong users due to biases.
  • Legal liability if protected groups are wrongfully monitored due to biases or privacy laws are violated.
  • Reputational damage due to unfavorable news reports because of biased investigations.

Legacy Approaches Don’t Address Bias

Older, legacy Data Loss Prevention and Insider Risk Management solutions use dated blueprints to run locally within organizational firewalls. These solutions often only utilize keystroke logging, screen recording, or web monitoring for users individually, therefore losing sight of the “bigger picture” and promoting bias.

Eliminate Bias and Improve Data Protection

It is best practice to reduce bias when monitoring employees by pinpointing activities involving sensitive data that can jeopardize sensitive information. Using technology that anonymizes employees while monitoring activities to maintain organizational security is crucial for eliminating bias. This monitoring technology still allows teams to unveil users displaying suspicious activity by providing ‘scoped investigations,’ giving audited data access to investigators with limited access to maintain privacy regulations.

Protecting and identifying employee information helps security teams detect risks without the interference of bias. This form of anonymity in monitoring provides teams with a holistic view of organizational activities that help detect threats and reduce monitoring bias, supporting an impartial management program that employees can trust.

About the Author

Addressing Bias in Insider Risk MonitoringChris Denbigh-White is Chief Security Officer of Next DLP (“Next”). He has over 14 years of experience in the cybersecurity space including in the office of the CISO at Deutsche Bank as well as cyber intelligence for the Metropolitan Police.

Chris can be reached online at https://www.nextdlp.com

Subscribe to Cyber Defense Magazine

Join our mailing list, no strings attached. We never sell your data. We'll send you monthly e-magazines, webinar invites from us and our partners, cybersecurity trade show updates, awards, infosec news, cybersecurity tips and so much more on all things cyber defense.
Subscribe

Related News

Addressing Bias in Insider Risk Monitoring The rising role of Digital Risk Monitoring solutions in M&A Guarding Against the Insider Threat: Do Your Employees Pose the Greatest Risk? Addressing the Unique Obstacles in Healthcare Through Policy-Based Access Control Introduction to Remote Spectrum Monitoring Bridging the Widening Gap in Cybersecurity Talent: Addressing the Urgent Need for Skilled Professionals Addressing the Particular Cybersecurity Challenge of Discrete Manufacturing The Ethics And Privacy Concerns Of Employee Monitoring: Insights From Data Privacy Expert Ken Cox
March 15, 2024

CyberDefenseMagazine Follow 24,016 54,487

Cyber Defense Magazine - The Premier Source for IT Security and Compliance Information. https://t.co/748STKH6k0.

cyberdefensemag

cyber defense awardsWe are in our 11th year, and Global InfoSec Awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.
Cyber Defense Awards

12th Anniversary Global InfoSec Awards for 2024 are now Open! Take advantage of co-marketing packages and enter today!

Show Me!
X