Detecting low and slow insider threats

In my last post I discussed how machine learning could be used to detect phishing-based account compromise attacks, using a real-world use case from the recent Verizon Data Breach Digest. This time I'll examine how to detect insider threats using similar techniques.

The example I've chosen involves an organization in the middle of a buyout that was using retention contracts to prevent employee attrition. To find out what other employees were being offered, a middle manager acquired IT administrator credentials from a colleague and friend. He used those credentials to access the company's onsite spam filter and spy on the CEO's incoming email. The abuse didn't stop there: the same credentials were also used to browse sensitive file shares and carry out other unauthorized actions.
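The detection angle on this case is that nothing the manager did generated a single loud event: each access was one log line by a legitimate admin account. What gives it away is the deviation from that account's own baseline (a new source host, resources it never touched) and the way those small deviations accumulate over weeks. The following is an added illustration of that baseline-and-accumulate logic, not code from the article or from any product it discusses; the log records, account names, hosts, resource labels and dates are all constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access log. Field layout, accounts, hosts and resource
# labels are hypothetical; none of them come from the article.
# Each record: (timestamp, account, source host, resource accessed)
LOG = [
    # Baseline month: the IT admin credentials are used only from the
    # admin's own workstation for routine work.
    ("2016-01-04T09:00", "it_admin", "ws-itadmin-01", "spamfilter:admin-console"),
    ("2016-01-06T10:30", "it_admin", "ws-itadmin-01", "share:it-scripts"),
    ("2016-01-12T14:05", "it_admin", "ws-itadmin-01", "spamfilter:admin-console"),
    ("2016-01-19T11:20", "it_admin", "ws-itadmin-01", "share:it-scripts"),
    ("2016-01-05T09:10", "jdoe", "ws-sales-03", "share:sales-reports"),
    ("2016-01-18T16:45", "jdoe", "ws-sales-03", "share:sales-reports"),
    # Afterwards: the same credentials appear from a manager's workstation,
    # touching one new resource roughly every week. Each line alone looks
    # like ordinary admin activity; together they form the low-and-slow pattern.
    ("2016-02-02T22:15", "it_admin", "ws-mgr-17", "spamfilter:mailbox:ceo"),
    ("2016-02-04T09:00", "it_admin", "ws-itadmin-01", "spamfilter:admin-console"),
    ("2016-02-09T21:40", "it_admin", "ws-mgr-17", "share:hr-contracts"),
    ("2016-02-16T23:05", "it_admin", "ws-mgr-17", "share:exec-board"),
    ("2016-02-10T10:00", "jdoe", "ws-sales-03", "share:sales-reports"),
]

# Everything before this date is treated as the learning period.
BASELINE_END = datetime(2016, 2, 1)


def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M")


def build_baseline(log, baseline_end=BASELINE_END):
    """Learn, per account, which source hosts and resources are normal."""
    profile = defaultdict(lambda: {"hosts": set(), "resources": set()})
    for ts, account, host, resource in log:
        if parse(ts) < baseline_end:
            profile[account]["hosts"].add(host)
            profile[account]["resources"].add(resource)
    return profile


def score_event(profile, event):
    """Return the reasons a single event deviates from its account's baseline."""
    _, account, host, resource = event
    known = profile.get(account)
    if known is None:
        return ["unknown_account"]
    reasons = []
    if host not in known["hosts"]:
        reasons.append("new_source_host")
    if resource not in known["resources"]:
        reasons.append("new_resource")
    return reasons


def detect_low_and_slow(log, baseline_end=BASELINE_END,
                        window=timedelta(days=30), threshold=2):
    """Flag accounts whose individually minor anomalies reach `threshold`
    within a sliding `window`; returns every anomaly for each flagged account."""
    profile = build_baseline(log, baseline_end)
    anomalies = defaultdict(list)
    for event in sorted(log, key=lambda e: parse(e[0])):
        when = parse(event[0])
        if when < baseline_end:
            continue
        reasons = score_event(profile, event)
        if reasons:
            anomalies[event[1]].append((when, event[2], event[3], reasons))
    alerts = {}
    for account, events in anomalies.items():
        for t, *_ in events:
            in_window = [e for e in events if t - window <= e[0] <= t]
            if len(in_window) >= threshold:
                alerts[account] = events
                break
    return alerts


if __name__ == "__main__":
    for account, events in detect_low_and_slow(LOG).items():
        print(f"ALERT {account}: {len(events)} anomalous events")
        for when, host, resource, reasons in events:
            print(f"  {when:%Y-%m-%d %H:%M} {host} {resource} {reasons}")
```

Two design points carry over to a real deployment: the baseline is keyed on the credential rather than the person, which is exactly what exposes shared admin credentials used from someone else's workstation, and the alert fires on the accumulated count inside a window rather than on any one event, so a weekly access that never trips a rate threshold is still caught.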


Link to Full Article: Detecting low and slow insider threats