Could you hack your bosses without hesitation, repetition or deviation? AI says: No Businesses find themselves in a world where the threat to their networks often comes not simply from a compromise of their computers, servers, or infrastructure, but from legitimate, sanctioned users. There is nothing new about the notion of cyber-attackers seeing human beings as their biggest target. For years, real-world …
> But attackers who are already on the inside of a network, abusing his or her credentials for nefarious intent without anyone the wiser are rapidly gaining notoriety.
It has been a source of puzzlement for years - no, decades, why IT workers with admin prvileges are so reluctant to use these for their own benefit. It should be quite easy for any sysadmin worth their paycheck to insert whatever sort of "payload" they choose onto their boss's computer. Or their boss's boss or ..... the CEO. Or even a co-worker who they dislike or who's job they would view as a promotion (that alone would be enouigh motivation for people to secure their own kit).
That is, if "icky" stuff would actually need to be placed there - rather than the individual in question having already done the dirty work and it just needing to be discovered and reported.
It has been a source of puzzlement for years - no, decades, why IT workers with admin prvileges are so reluctant to use these for their own benefit.
Well, firstly, it's a pretty crap setup if "admin" access is a synonym for "access all areas" for a single person, unless it's a small outfit. In which case there's probably other mechanisms in place (like working next to your boss). Even going back 10 years when I was sysadmin for a small business, there were things I didn't have access to (the directors email, for one).
And even if you had genuine God access, the question is how to use it "to your own benefit" ? Because if you could devise a way to do so - and make it undetectable then (a) what are you doing being a sysadmin, and (b) well .... how do we know it hasn't happened ?
Finally, it's a hard enough life getting the systems to do whatever nonsense the business is crying out for today, let alone getting it to do something off piste.
"It has been a source of puzzlement for years - no, decades, why IT workers with admin prvileges are so reluctant to use these for their own benefit."
You have a nice and well paid job (in comparison to a lot of other jobs at least), why screw it up?
"That is, if "icky" stuff would actually need to be placed there - rather than the individual in question having already done the dirty work and it just needing to be discovered and reported."
I have found stuff like that quite often, it's usually some unknowledgeable user who did something stupid. Nobody cares, you just clean it up and move on to the next ticket.
"For example, the range of contacts a user will interact with through an email system and the nature of that communication will almost always be within certain limits."
Clueless end user here
Yesterday, I had to contact two middle manager type people outside my normal silo on an urgent basis to resolve an issue for a prospective student with a very unusual profile of qualifications and support needs. Then I needed to document what was effectively a new clause in the usual process, and make sure all the people in the chain knew what I had done. Such is the responsiveness of a fairly small public sector organisation, I got that resolved fairly quickly, and my 'identity' in the organisation is a humble one.
So, yes, as mentioned towards the end of the article, it will come down to the response by IT support to an outlier event once flagged. One hopes that will be of the 'gather more information' kind rather than some kind of banhammer.
Isn't this just application of the principle of googling "how to kill your wife"? The kind of thing the Thought Police have been doing since ... I was going to say Orwell's time, but it goes back much further than that: God has been policing thoughts for millennia before that, as the totalitarian tendencies of His servants has waxed and waned.
because AI is going to be cheap = more profit.
And... because employees won't be able to afford hiring another AI to analyse their case to spot what went wrong there, and further hire another AI to present their case in court against the business AI that flagged them in the first place.
The problem with UEBA is context.
In particular, baselining assumes that bad behavior is outside the baseline behavior set - in reality, bad behavior is context dependent. A sales person copying a customer list into their phone is not a bad behavior...unless he's quitting the next day.
There's also the issue of alternate data capture. The ignorant crims today will try to copy into USB hard drives in one go; the smart ones will space copying out. Particularly sensitive data - just take a phone snap. etc etc.
AI-driven security, some sort of technological snakeoil, similar to the current fashion for attaching everything to AI or blockchain, to gave it credibility.
“The network perimeter has been compromised by attackers, threats, and risks on both sides of the firewall.”
Don't have an inside to hack, have all internal transactions implimented using encryption and kerberos one time tickets or some such. Put everyone on the outside and impliment a full irrevocably audit trail with a hardware dongle required to attach to the system.
And this is the worst form--assume that "usual" is the definition of good, and initiate "corrective" action accordingly. I've worked in microprocessor validation. I've paid more than average attention to security since I was a child. Usual is good for monitoring drones. Real predators, not so much.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
