How to digitize the human factor?
In the September issue of Information Security magazine, Security Director of the SearchInform company, expert profiler Ivan Birulya spoke about such a seemingly unconventional method for the information security sphere as profiling.
Today, the priority of the security services is to work proactively: identifying the prerequisites for a possible incident, and not working with its consequences. However, it is far from always possible to detect potential insiders using classical methods and tools, even such proven and reliable ones as DLP systems. There are several reasons for this:
- technical means of information protection are powerless in the face of user tricks;
- incidents and crimes often leave no traces;
- the availability of information increases the level of users' IT competencies;
- defending is always harder than attacking. It is difficult to predict how the criminal will behave, what kind of fraudulent scheme he will organize.
However, this does not relieve information security specialists of important tasks. They need:
- create an effective mechanism for predictive assessment of user behavior;
- find a simple, fast and effective way to investigate incidents;
- correctly identify and rank the level of human risk.
It is also important to remember that time is becoming a key parameter in the investigation of incidents involving human factors.
Tools from related areas, such as profiling, will help to solve these problems and qualitatively improve the work in advance. It includes a set of non-test psychodiagnostic tools that allow you to quickly and reliably “read a person”, understand his individual characteristics and effectively use them in communication, and predict behavior.
- analysis of psycholinguistics;
- determining the type of character;
- application of communication strategy and tactics;
- understanding of facial expressions and pantomime (emotions);
- identifying strategies of thinking and behavior.
Profiling: how to apply it?
Profiling originated at the intersection of psychology and forensics. In particular, the elements of this technology are used to solve criminal offenses and anti-terrorist activities.
Here is a recent example from my practice. A major theft of funds occurred at one of the mines of a mining company. It was not possible to find traces of the crime, and two dozen people fell under suspicion. An expert profiler, using group profiling methods, narrowed the number of suspects to two people in half a day, and over the next day not only received a confession, but also forced the guilty to return the entire stolen amount.
Profiling allows you to:
- promptly, without using any tests, receive important information about the employee, his values, beliefs, past experience, professional qualities and communicative characteristics;
- identify criminal tendencies in character based on different types of crimes and incidents in information security;
- receive additional tools in the investigation of incidents and crimes in information security;
- calculate human risk, carry out compensatory measures;
- make a forecast of employee behavior for standard, critical and stressful situations;
- rationally apply the basic psychological principles of selection, selection, dismissal of employees based on safety requirements.
Despite the obvious efficiency, doing such work “manually” will become labor-intensive. After all, regular profiling of even 30-40 employees of a company will take an extremely long time.
DLP and profiling - a symbiosis of technologies
Automation of predictive estimation and the inclusion of profiling tools in the DLP functionality - such an ambitious task was set by the SearchInform company.
In addition to reducing labor costs, the automation of profiling allows you not to frighten off a cautious insider, to avoid escalating the situation in the company, to conduct investigations and preliminary diagnostics without attracting unnecessary attention from staff.
Now the SearchInform company conducts research in this area, develops automated methods for predictive assessment of user behavior. By the end of the year the company will present its customers with a ready-made solution - profiling technologies built into the DLP system.
The implementation of this idea is based on the psychological characteristics of the user. The fact is that they affect the way a person works at a personal computer. The DLP profiling center module will analyze user behavior, as well as deviations from its normal state. The system will form the user's psychological profile according to certain algorithms, i.e. will take over routine tasks and greatly simplify the work of an information security specialist.