User behavior analytics sniffs out anomalies in users' actions and alerts IT security teams of suspicious behavior Credit: Thinkstock The theft of unstructured data is extremely common. It can be very difficult to safeguard emails and files when a lot of people have access. Even the CIA is not immune, judging by the recent exposure of its hacking tools via WikiLeaks. It’s ironic that the CIA’s hacking guides have been hacked, but it just goes to show how difficult it can be to prevent.Carelessly handled unstructured data is an easy target, and it can prove very valuable for hackers. Since unstructured data may not be monitored, attacks and successful exfiltrations often go unnoticed for long periods.For example, the big data breach at Yahoo was only investigated after someone offered to sell millions of accounts on the black market.Many companies have no idea that they’ve been infiltrated. The global average time between compromise and breach detection is 146 days, according to FireEye. Clearly, there’s a tangible need to cut that down, and user behavior analytics could be the answer. What is user behavior analytics?The idea behind user behavior analytics is to establish what normal activity looks like at an organization and to monitor for anything unusual. The focus is firmly on users, and suspicious behavior is flagged so that the IT security team can investigate. Many different actions might be flagged as worthy of further investigation, such as an employee accessing a system at 2 am, suddenly modifying thousands of files or trying to change administrative privileges.Being able to detect when users access sensitive data is the first step toward securing it properly. The beauty of user behavior analytics is that it’s about keeping a watchful eye on activities that IT security teams are worried about. That might be all activity pertaining to sensitive data, but it can also include mass failed log in attempts, email attachments sent to personal accounts and changes made outside of change control windows. People are the weakest link in cybersecurityA lot of time and money we put into information security is centered on software tools, but we know that the weakest link in cybersecurity is employees. It makes a lot of sense to take a closer look at people. Some security incidents can only be detected by analyzing people and their behavior with regard to valuable company data.A full 88 percent of end users say their job requires them to access and use proprietary information, according to Varonis. Interestingly, 62 percent say they have access to company data they probably shouldn’t see.Getting into the network through an employee’s account can give a determined attacker access to a lot of unstructured data, some of which will arm them with the ammunition they need to burrow deeper or infiltrate new systems laterally. IT practitioners say insider negligence is more than twice as likely to cause compromise of insider accounts than anything else.It’s important that we look beyond perimeter defenses. Better firewalls, antivirus software or malware detection are not going to solve the problem, but user behavior analytics could make a real difference.Uncovering anomalies inside and outBecause user behavior analytics sniffs out anomalies in user behavior, it can determine when a legitimate user’s credentials are being used by an external attacker. But the fact that it quickly identifies any deviation from the norm means it can spot the changes that signal insider theft or sabotage as well. Anything that doesn’t match the usual pattern of daily business sparks an alert.These kinds of alerts still require an experienced security officer to investigate and assess them, but they can drastically cut down on the time it takes to identify and confirm problems. As user behavior analytics technology improves, it’s likely to encompass more automation and go beyond data breach identification. All of the best security strategies include a blend of technologies and take a holistic view of the potential risks. The cost of a data breach is so high that it’s essential to take every action at your disposal that might mitigate the risk. Coupled with solid perimeter defenses, user behavior analytics is a powerful asset in the fight against data theft, and it represents an irresistible opportunity for companies to tighten up unstructured data protection. The opinions expressed in this blog are those of Michelle Drolet and do not necessarily represent those of the IDG Communications, Inc., its parent, subsidiary or affiliated companies. Related content opinion Diversity in cybersecurity: Barriers and opportunities for women and minorities Increasing the numbers of women and minorities in cybersecurity isn't just good for the individuals involved, it's good for the practice of security. Here's a look at what's holding them back and what can be done about it. By Michelle Drolet Dec 23, 2021 5 mins Diversity and Inclusion Hiring Security opinion 6 steps for third-party cyber risk management If you have third-party partners, you need a third-party cyber risk management program. Here are six key steps to follow. By Michelle Drolet Sep 30, 2021 4 mins Risk Management Security Practices Security opinion 5 open source intrusion detection systems for SMBs If you don’t have a lot of budget at your disposal, these open-source intrusion detection tools are worth a look. By Michelle Drolet Nov 13, 2020 5 mins Intrusion Detection Software Security feature 6 steps to building a strong breach response plan Cybersecurity resilience depends on having a detailed, thorough, and tested breach response plan in place. Here's how to get started. By Michelle Drolet Oct 07, 2020 5 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe