Battle Insider Breaches with Automated Monitoring

Back to Blog
Chainarong Prasertthai

Battle Insider Breaches with Automated Monitoring

“In general, the greatest data security risk is posed to organizations by insiders…If they want to steal it or leak it, they can usually do so with far greater ease than outsiders.”

~ Joseph Steinberg, Cybersecurity Expert, Author, Entrepreneur

Insider breaches account for 30 percent of all data breaches, though most of those incidents are accidental. But that still leaves some that are carried out with malicious intent. It only takes one rogue employee – or a hacker with a staff member’s login – to expose sensitive data or sabotage a business.

This certainly isn’t to say a business owner should treat all workers as potential thieves. No employer wants to believe the people they hired, the people they trust, are capable of deceit. But blind trust can leave the door open for opportunistic mischief and the undetected use of stolen credentials. Wise decision-makers should strike a balance between optimism and caution.

Beyond the Firewall

“Internal exploits are much more difficult to detect because the users are authenticated on the domain,” said Drew Farnsworth, a data center infrastructure consultant, “…Internal attack[er]s can copy a large number of files without anyone having any knowledge of the source of the attacks.”

Since external threat inhibitors, such as firewalls, aren’t meant to recognize activity executed with legitimate credentials, businesses owners should incorporate security measures dedicated to insider threat detection, such as automated monitoring of user behavior patterns and suspicious log-in activity.

Behavior monitoring works by tracking and analyzing user behavior patterns over time to establish baselines of normal activity. The application looks at networks, accounts, user profiles, and more to detect activity that is incongruous with the baseline.

As individual user behavior is so unique and complex, identifying deviations can be beyond an IT department’s manual abilities. Automated monitoring can catch anomalies where and when a human may not. Is a daytime worker logging into the system at 3 a.m.? Did a contract worker access company files after his last day? Were credentials of an employee on vacation used to access the network? Automated monitoring could call attention to any one of these scenarios, and hundreds of others. And any one of these activities could be perpetrated by a disgruntled employee or a hacker who stole user credentials.

What an Automated Internal Threat Detection System Can Do:

  • Expose unauthorized logins
  • Identify newly created user profiles
  • Detect application installations
  • Alert to new admin rights
  • Recognize anomalous user behavior

A System of Security

Of course, internal user-behavior monitoring isn’t a stand-alone solution. Rather, it’s an integral component of a comprehensive cybersecurity framework.

To learn more about tools that MSPs can use help their clients obtain robust internal security with user-behavior monitoring analytics, download our whitepaper “How to Sell and Deliver Internal Threat Detection with Cyber Hawk.”



  1. 30+ data breach statistics and facts, Comparitech, 2020
  2. 2020 Data Breach Investigations Report, Verizon, 2020
  3. Insider vs Outsider Data Security Threats: What’s the Great Risk?, Data Insider