A recent study of three million workers across 16 global cities revealed Covid has consigned the traditional nine-to-five day to history (if it wasn’t already). What’s more, 16% of US workers say they will be working from home after Covid, and with the second wave currently sweeping across Europe it feels as if this will be the norm for a while longer.
While there is no doubt that working from home brings numerous benefits, and fears that productivity will suffer are largely unfounded, having more workers out of the office and working alone does increase the potential for fraud and insider threat.
But knowing this and being able to do something about it are two totally different things. Fraud analysis and corporate threat are two problems fundamentally centred on identifying the unknown. But where do organisations begin looking and what do they look for?
In this short blog post I summarise a presentation I gave during Behavioural Analysis Week, highlighting the shortcomings of traditional methods and showing how modern techniques can help by removing the substantial barrier of actually knowing what to look for.
If you don’t know what (or when) you are looking for, where do you start? In practical terms, what do you type into your search bar?
This is not a new problem: over two thousand years ago Plato himself mused that if you know what you are looking for, enquiry is unnecessary, and if you don’t know what you are looking for, enquiry is impossible. Therefore, enquiry is unnecessary or impossible. While the logic is infallible, it’s not very helpful to a modern organisation. The solution that Plato suggests relies on his theory of recollection, wherein knowledge exploration and discovery is merely our recollection of timeless forms from a period long before our immortal souls were imprisoned inside our physical bodies. And, once again, while one shouldn’t question the veracity of the solution, it’s not very practical in the days of home working, which is why FACT360 relies on AI and unsupervised machine learning.
If you know what you are looking for enquiry is unnecessary…
Typically, technology for insider threat detection focuses on Security Information and Event Management, deploying models of known values and norms to highlight unusual behaviours.
Information governance processes such as Security Information Management (SIM) or Security Event Management (SEM) identify and track access to so-called Critical Value Data (CVD) and flag unusual network activity. But this relies on defining the critical data in the first instance and identifying the threats it may face. Therefore it is only really a defence against what you already know – as Donald Rumsfeld said, the ‘known knowns’.
And while User and Entity Behaviour Analytics (UEBA) can be used to flag anomalous network activity, these techniques can miss hostile action that mimics normal behaviour.
Luckily there is a solution. And it is a rare instance when ignorance is bliss, as there is no need to identify the threat in the first place.
Ignorance can be bliss
FACT360’s solution was inspired by ‘traffic analysis’ developed by George Welchman during the Second World War at the UK’s Bletchley Park. Welchman’s techniques examined the characteristics of enemy messages, such as volume, direction and time, rather than the message content itself. It is these techniques that FACT360 has built upon and now applies to corporate communication networks, detecting subtle changes in behaviour characteristic of covert activity.
FACT360’s analysis treats each communication across a corporate network as a ‘transaction’. The subsequent transactional analysis is the first stage of the process, identifying the key people and events.
Using emails and, when available, phone and meeting records, FACT360 can model the communication of everyone within an organization. Then, by highlighting anomalies in the data, it automatically reveals the unknown unknowns, flagging potentially critical behavioural change.
Natural Language Processing
And while it can gain significant insight without analysing the content of messages, it takes the analysis one stage further, using Natural Language Processing to identify and group clusters of related communication and reveal the key concepts being discussed across the various corporate communication channels.
And the final stage in FACT360’s analysis is anomaly detection. Here we use changepoint analysis to identify subtle break points in the communication time series where relevant change has occurred. And this can successfully detect important changes even when they are invisible to the naked eye. By dynamically highlighting behavioural change across employee communication networks, FACT360 can flag in real time any suspicious communications.
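The idea of a break point in a communication time series can be shown with a generic least-squares mean-shift search over message metadata. This is an added example, not FACT360's code or algorithm; the addresses, dates and counts are constructed, and the total daily volume is deliberately flat so that only the direction of traffic changes.

```python
from collections import Counter
from datetime import date, timedelta

INTERNAL = "@corp.example"  # constructed internal domain (assumption)

def daily_external(records, sender, start, days):
    """Messages per day from `sender` to external recipients (metadata only)."""
    per_day = Counter(day for s, rcpt, day in records
                      if s == sender and not rcpt.endswith(INTERNAL))
    return [per_day[start + timedelta(days=i)] for i in range(days)]

def mean_shift(series, min_seg=3):
    """Best single split k (series[:k] vs series[k:]) and the share of total
    variance it explains; (None, 0.0) if no admissible split or no variance."""
    n, total = len(series), sum(series)
    base = sum(x * x for x in series) - total * total / n if n else 0.0
    if base <= 0:
        return None, 0.0
    best_k, best_gain, left = None, 0.0, 0.0
    for k in range(1, n):
        left += series[k - 1]
        if k < min_seg or n - k < min_seg:
            continue  # require a minimum number of days on each side
        right = total - left
        # Reduction in squared error from fitting two means instead of one.
        gain = left * left / k + right * right / (n - k) - total * total / n
        if gain > best_gain:
            best_k, best_gain = k, gain
    return best_k, best_gain / base

def build_sample():
    """Constructed metadata: (sender, recipient, date) tuples, no content."""
    start = date(2020, 10, 1)
    ext = [1, 0, 1, 2, 1, 0, 1, 1, 2, 1, 0, 1, 4, 5, 3, 5, 4, 6, 4, 5]
    records = []
    for i, n_ext in enumerate(ext):
        day = start + timedelta(days=i)
        # Ten messages every day: overall volume never changes.
        records += [("alice@corp.example", "bob@corp.example", day)] * (10 - n_ext)
        records += [("alice@corp.example", "x@outside.example", day)] * n_ext
    return records, start, len(ext)

if __name__ == "__main__":
    records, start, days = build_sample()
    series = daily_external(records, "alice@corp.example", start, days)
    k, share = mean_shift(series)
    print(f"change on {start + timedelta(days=k)}; explains {share:.0%} of variance")
```

A volume-only view of the same sender is a constant ten messages a day and yields no break point, which is why the direction feature matters here.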
Using these techniques, FACT360 can be deployed for real-time insider threat detection, highlighting subtle change in communications. It can also be used to focus purely on historical data and expedite the investigation and evidence gathering process during fraud investigations.
However FACT360 is deployed, it will help you identify your unknown unknown threats, providing some certainty in these uncertain times.
Watch the presentation I gave during Behavioural Analysis Week and get in touch to see how we can help you find your unknown unknowns.
 Harvard Business School – Working Knowledge, 14 September 2020 https://hbswk.hbs.edu/item/you-re-right-you-are-working-longer-and-attending-more-meetings