Let's Talk Consent in Cyber Monitoring
Many technology and cybersecurity professionals consider employee monitoring a top-down nuisance that fails to deliver the results they need. This attitude is a product of the traditional surveillance-style systems that companies used to track employee activity. But the future of cyber monitoring is a far cry from this model and has the potential to transform workplace cybersecurity. Modern consent-based, individualized monitoring technologies offer an alternative that benefits both executives and employees and keeps individuals and companies safe.
When Chief Information Security Officers (CISOs), or anyone else in the technology and cybersecurity sector, hear the term “cyber monitoring,” they think the same thing.
It brings to mind companies tracking their internal systems for anomalies: things like visiting unauthorized websites or accessing confidential files. But in our modern world – where there are more ways for data to be compromised, and from more directions – that definition has necessarily expanded, and the way that CISOs think about monitoring needs to expand as well. Our technology can be made more secure in a way that works for us and anticipates and addresses threats earlier and more effectively.
Traditionally, the cyber industry’s monitoring solutions operated internally and at the account level – meaning they had nothing to do with the individual. While the reasoning behind this model was sound, it presented challenges that made it difficult to sift through information to identify genuine security threats and breaches. For instance, many people may share a name with an employee, making it hard to pull out what is genuinely meaningful from a seemingly never-ending stream of alerts.
Even when these traditional security models do pick up digital anomalies, they don’t give CISOs the full picture, so they’re not sure where the threat originated and therefore how best to respond. Broadly speaking, there are two main directions a security threat comes from. First, there are external threats – scenarios where someone’s account has been compromised and an attacker is trying to use their credentials to access sensitive information. In this case, the best approach is to shut down all access to the account as quickly as possible. The other type of threat originates internally and is identified by anomalies at the account level that may represent an insider attempt to use data and information maliciously. Here, the CISO’s approach should be almost the opposite of the response to an external threat: they might quietly investigate and closely monitor the individual’s behavior to build a case.
But if CISOs can’t determine which kind of threat they are facing, it’s difficult to intervene properly. This dynamic created the opportunity to build a better way of monitoring, in which account anomalies are informed by individual behavior to paint a fuller picture of the nature of the incident. By bringing in human behavior, CISOs can determine the source of the unusual activity and make informed decisions about how best to proceed on a case-by-case basis.
The most essential and revolutionary aspect of this behaviorally-informed cyber monitoring approach is that employees – the ones being monitored – provide informed consent before their company can monitor them.
Traditional cyber monitoring does not prioritize consent, or even make it part of the conversation, because the account information is considered the proprietary property of the company. In reality, the idea that the company owns all of your data and can evaluate and use it however it likes is more akin to surveillance than monitoring. The newer human-behavior model supplements account information with data from outside the organization and centers consent and transparency every step of the way: employees know what personal information their employer is using and how, making this form of consent-based monitoring more of a two-way agreement between employee and employer than a traditional top-down surveillance approach.
Over time, employee monitoring has acquired a negative connotation – but that connotation grew from a surveillance-based, incomplete, and non-consensual approach. With new behavior-informed, consent-based models, this negative attitude no longer holds water. Consent should be at the center of cybersecurity and monitoring conversations, so that employers have the information they need to keep their data safe and employees have a trusted seat at the table as well.
ABOUT THE AUTHOR
Tom Miller has 25+ years of risk management experience and is the Co-Founder & CEO of ClearForce, a firm located in Vienna, VA, that specializes in the discovery of misconduct and high-risk behaviors.