Risky behavior by employees is one of the biggest causes of IT-related breaches: everything from unsafe passwords and clicking malicious links in email to downloading software that captures keyboard strokes.
The usual defence of CSOs is to increase awareness training. But researchers at Fujitsu believe behaviour-predicting monitoring software can do the job, according to a report from Computerworld U.S.
The report quotes a company spokesman saying the idea is that the software would perform an action log analysis of each staffer’s email, browser and keyboard actions. When a potential problem is spotted, it suggests a security countermeasure.
For example, the tool would pop up a warning like “You are vulnerable to being scammed. Be careful,” says the report. It could also create graphs showing a user’s vulnerability to viruses, scams and data breaches compared to the risk profiles of other departments in the organization.
The application is still being worked on. Fujitsu hopes to commercialize it in 2016. There’s no word on what hardware the solution will need or how much of a performance hit, if any, it will impose.
But if it’s practical, the approach could have a significant impact on IT security. There’s nothing more worthwhile than a warning to staff to “slow down.” On the other hand, just as security pros sometimes ignore the false warnings they get from intrusion detection software, there’s the possibility that end users will do the same.