It is the company’s responsibility to preserve shareholder value by protecting your brand, your IP and the value of your products. Among the threats your business faces, data loss risk must rank very high.
Trade secrets relating to each version of a product and new products, customer PII and market strategy are all valuable assets that need to be protected. Competitors can gain competitive advantage by launching a better product or launching earlier and stealing market share.
Assuming you agree that your IP, in all its forms, represents a significant portion of your assets, then the only remaining question is how to protect these assets, without being overly intrusive on employee privacy and without creating a ‘big brother’ culture.
Privacy risks exist when surveillance systems are used by employees to spy on colleagues or to monitor outside their defined remit. Equally, intruding on the private lives of employees can lead to problematic HR situations that can’t be “unknown”.
2019 Verizon Data Breach
The 2019 Verizon Data Breach report shows that email and insiders represent the greatest data loss risks. While firms saw a 67% increase in impersonation or business compromise attacks, over 56% of data breaches took months or longer to discover. That means that most firms don’t have good ways to detect that an email system has already been compromised!
The first question to ask: are your current solutions sufficient to protect these assets or are there vulnerabilities – is there a gap? How good are your defenses, and how well can you detect if you have already been compromised?
If an email account was compromised, would you know? If an employee was colluding with or coerced by a competitor, would you know? Are you able to identify data loss by a single email buried in the noise of daily email chatter?
Email remains the method by which the knowledge economy operates. In theory you should supervise your email – read it all. That’s just not scalable given the millions of emails that cross your firewall every day. Sampling and keyword searches have also proven to be ineffective.
Protecting Privacy and the business
So what are the options? You can either hire more humans to read a lot more email or you can use technology to do it. The value of using advanced technology like Catelas to look at every email is that no human ever sees the majority of the emails. In a sense there is no invasion of privacy. Only the 0.1% of emails that represent real risk are ever presented to a human for assessment. Indeed risk is carefully defined, so ‘fishing expeditions’ are avoided.
Using humans to read everything or letting them decide, ad hoc, who and what to search for opens the process up for abuse and invasion of privacy. By contrast, a technology like Catelas, once set up and operating under your own security policies and procedures, will operate independently and free from bias. The surveillance is not personal and humans get to see very few emails.
This is how many of the firms we work with look at the risk versus privacy challenge. Advanced technology provides better protection, is difficult to abuse and generates few alerts for humans to review. Humans are not suited to deal with such large volumes of email, their behavior is harder to audit, and in the end they need to read too many emails to be effective.
“More than half of data breaches took months or longer to detect. Over 60% of departing employees stole information months before they resigned.”
Existing systems, focusing on the detection of certain keywords, generate an overwhelming number of false positives and few relevant alerts. Existing systems fail because:
Can’t understand people’s behavior
Can’t understand change
Can’t predict risk
Can’t learn from experience
In contrast, Catelas understands behavior and context and can detect when your employees’ behavior changes. In many cases, Catelas can predict risk.
Catelas Insider Risk & Email Surveillance
Collusion with a competitor
Coercion by external criminal
Departing employee risk months in advance
Conflicts by Outside Business Activity
Schedule a call to learn how Catelas Insider Risk Surveillance & Incident Response software is used by firms to defend against phishing, email hijacking and employee rogue behavior, and plug the gap in your defenses.
HOLISTIC SURVEILLANCE: MULTIPLE ALGORITHMS WORKING TOGETHER
Unsupervised machine learning is used to significantly reduce false positives by up to 95%. Each day new models are automatically created to track constantly changing false positives.
Understanding where strong active relationships exist, both internally and externally, helps map out how a firm does business. Understanding these natural channels is key to understanding risk.
Learning what ‘normal’ and ‘anomalous’ behaviors are across communities allows Catelas to uncover key leading indicators of risk at the employee and message level.
Social Network Analysis
Understanding how people connect within groups is important to how Catelas gains a more holistic view of risk and risk modeling. Knowing that apparently disparate conversations are related is key.
Advanced Natural Language Processing (NLP) algorithms are used to dynamically cluster content, uncovering new topics of conversation which can then be mapped against defined risks.
Combining risk scores such as Conduct Risk, Collusion Risk and Content Risk, along with risk signals from across the bank, allows Catelas to build up a more selective understanding of risk.