External threats typically receive the most consideration when cyber security is addressed. While advanced persistent threats leveraging phishing attacks, data breaches based on exploitation of externally facing web applications, and targeted attacks by loosely organized hacking groups get much of the media and product vendor attention, abuse by insiders represents a significant risk for which effective controls are lacking.
Insider threat detection is a major technological problem with high potential for in-demand products that are effective and easy to use. The insider threat is context-dependent in time and space, yet current detection approaches focus on forensic analysis of cyber data alone to detect malicious acts—aiming to identify and discipline the perpetrator only after the fact. In general, the security analyst has the critical responsibility of making sense of the output of numerous tools, which are limited to information that can be extracted from cyber data.