+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

The Chief Information Security Officer of Microsoft explains how it's helping companies protect themselves against a threat almost as big as hackers: Their own employees

Feb 22, 2020, 19:47 IST
  • Microsoft is unveiling a new Office 365 tool that would let businesses spot "internal risks," including the mishandling or theft of company files.
  • Microsoft Chief Information Security Officer Bret Arsenault said the new technology, called Microsoft Insider Risk Management, uses AI and machine learning to allow businesses to monitor the way information flows within a network.
  • The tool would enable a business to quickly identify risks, including unintentional transfer or storage of files, that could lead to improved security and workplace policies.
  • "It's not just about finding the malicious insider," he said. "Over half the value is just from finding the inadvertent things that are happening. It allows you to shape and drive your culture by making people aware, 'Oh, I didn't know, I wasn't supposed to do that. But now I do."
  • Click here for more BI Prime stories.

Hackers using increasingly sophisticated tools and tactics to break into their networks is a major headache for businesses. Bret Arsenault, Microsoft's chief information security officer, is also pointing to another danger: the threats from within.

Advertisement

These "internal risks" range from inadvertent mishandling of a sensitive file to the theft of company secrets, sometimes by a departing employee. This week, Microsoft said it now has a better way to take these on with a new Office 365 tool, called "Microsoft Internal Risk Management," which tracks the way information flows within a network, and to quickly identify potential risks.

"Many of us were focused on external adversaries and I don't think it's a mistake," Arsenault told Business Insider. "But we realized we also have a real issue with insider threat. You have thousands of people that are inside your organization as employees, approved vendors logging into your systems all the time. And therefore, it makes sense to be concerned about those people."

The new cloud-based tool offers a more efficient way of flagging risk, Arsenault said. This is especially true in the case of departing employees suspected of stealing sensitive files, he said. Arsenault cited cases in the semiconductor industry where an employees left one company to join another and stole intellectual property from a company.

'Magic box'

Tallah Mir, a Microsoft product manager, said a typical company practice is to "bring all the signals to this magic box, and I'll see what looks like suspicious activity."

Advertisement

"They come in and they say, 'Look, here's a big pop, and I want you to throw anything and everything in the kitchen sink at it.'" Mir told Business Insider. "And I'll see if I can find something suspicious. That's boiling the ocean."

Arsenault said that, in the past, some companies perform an audit shortly before or right after the employee leaves, which can lead to errors, including, especially "false positives."

"To be honest, there's a little bit like looking for a needle in a haystack when you're trying to do it in the old model," Arsenault said. "The new model is much more proactive where it's continuously using the signals to let us know...It's like finding a polar bear in a snowstorm or a blizzard. We have this amazing capability to separate signals to noise."

For example, a system may flag an employee who downloaded a huge amount of data. "But if it's their 40 megabytes of data that's not confidential or critical, and they were storing their pictures in it, it's a huge waste of time to go look at that stuff," Arsenault said.

The Microsoft tool gives a business the ability to monitor information flow in real time. The technology allows a company to define the risky practices to look out for.

Advertisement

"It's not going to raise things to you unless you tell it to look for specific things," Mir said. "You can come in and say things like, 'Yes, I want you to look at their download activity. Yes, I want you to look at their copying activity. No, I don't want you to look at their email.'"

'Not just about finding the malicious insider'

Alym Rayani, a senior director for Microsoft's Office 365 product, said a business may focus on a specific security concern. For example, it could flag activities related to a specific company project.

"I know that's a super secret project that's supposed to be protected," he told Business Insider. "It's not what you want outside the organization. And clearly this file has been downloaded. So now I know this is a serious issue. I now need to get folks involved from HR from legal and started going through the process."

But Arsenault said the Microsoft tool isn't just about stopping intellectual property theft and other malicious acts. It can also help them come up with better policies related to the way information is stored and managed within the organization.

"It is not just about finding the malicious insider," he said, noting that the Microsoft tool can also pinpoint "the inadvertent things that are happening," including practices that lead to the mishandling of data.

Advertisement

"When we say inadvertent it still has potential ramifications," he said. The Microsoft tool can be used to fine-tune the way the organization works, "by making people aware, 'Oh, I didn't know, I wasn't supposed to do that. But now I do.' And then they spread the word and it becomes part of our training."

Got a tip about Microsoft or another tech company? Contact this reporter via email at bpimentel@businessinsider.com, message him on Twitter @benpimentel or send him a secure message through Signal at (510) 731-8429. You can also contact Business Insider securely via SecureDrop.

You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article