The U.S. presidential campaign was roiled continuously by leaks of emails from the Democratic National Committee and the chairman of that party\u2019s presidential campaign. After it was revealed that those actions resulted from email phishing attacks, many CSOs may well have empathized. But when, in early May 2017, a sophisticated phishing scam enticed perhaps a million users or more to click on a Google Docs link, that empathy might have morphed into a state of high anxiety.\n\nThese events demonstrate that even well-meaning computer users can be lured into risky online behavior. The Google Docs cyber-attack relied on email delivered to inboxes that appeared to have been sent by a known and trusted contact. Many enterprises use Google resources for parts of their own infrastructure, and even those that don\u2019t may have many employees with their own accounts for Gmail, Google Docs, and other services.\n\nEven the best intended workers can open the enterprise network to interlopers, while some legitimate users may exploit their authorized access to execute malicious activities.\n\nInsider threats\n\nIt may well be that the actions of insiders are a greater threat than those of outsiders. An analysis of cyber-breach claims data by Willis Towers Watson, a global multinational risk management, insurance brokerage, and advisory company, reveals that 66% of cyber-breaches are a result of employee negligence or malicious acts, compared to 18% directly driven by an external threat, and 2% from cyber-extortion. So it makes sense to take note of common employee behaviors that put your company at risk:\n\nOnly by automating the detection of attacks and risky behaviors inside an organization can IT security stand a chance. As the new dimension of complementary attack detection, User and Entity Behavior Analytics (UEBA) is a fast-emerging technology that utilizes machine learning techniques to detect anomalous behaviors and reliably attribute malicious intent to them.\n\nTo learn more, visit Aruba.