True (Cyber) Detectives
Why people are the essential tool to fight cyber crime.

In early 2014, while manually digging through data logs, one of the cyber analysts at my company noticed some suspicious activity on one of our clients’ laptops. This particular device was active at a time of day when we knew it should have been idle — at this point, the customer support team had a baseline of the client’s device and network traffic and knew what was “normal” or abnormal. The volume of traffic looked innocuous, but the frequency was suspicious: the same event log had occurred at the exact same time each day for the past two weeks, suggesting that it was being caused by an automated script making regular connections to its command and control server. We ultimately determined this was, in fact, a malicious program hiding on the client’s device attempting to exfiltrate data. But the corporate cyber intrusion detection system we had in place at the client’s home never picked this up. It was our analyst who pieced this together.
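The two checks the analyst applied by hand, a baseline of active hours and a look for connections recurring at a fixed interval, can be written down as detection logic. The following is an added example, not code from the original post or from the author’s company; the log lines, the device name, the destination addresses (documentation ranges), the baseline window and the thresholds are all constructed for illustration.

```python
"""Periodicity-based beacon detection over constructed connection logs.

Added illustration, not code from the original post. It shows the two checks
the analyst in the story applied by hand: (1) is a device active outside its
baseline active hours, and (2) does the same device talk to the same
destination at a near-fixed interval (a sign of a scripted check-in).
"""
from collections import defaultdict
from datetime import datetime, time, timedelta
from statistics import mean, pstdev

# Baseline of "normal" active hours per device (assumption: learned earlier
# by the support team, here simply hard-coded).
BASELINE_ACTIVE_HOURS = {"laptop-01": (time(8, 0), time(22, 0))}


def build_sample_log():
    """Construct 14 days of log lines: '<iso timestamp> <device> <dest> <bytes>'.

    Lines are synthetic. Daytime traffic to 198.51.100.20 happens at varying
    hours; a small 03:15 connection to 203.0.113.7 recurs every day with a
    few seconds of jitter.
    """
    start = datetime(2014, 2, 1)
    day_hours = [9, 13, 10, 16, 9, 14, 11, 17, 10, 12, 15, 9, 13, 16]
    jitter = [2, 1, 3, 0, 2, 1, 4, 2, 0, 3, 1, 2, 3, 1]
    lines = []
    for day in range(14):
        base = start + timedelta(days=day)
        beacon = base.replace(hour=3, minute=15, second=jitter[day])
        lines.append(f"{beacon.isoformat()} laptop-01 203.0.113.7 {410 + day % 3}")
        normal = base.replace(hour=day_hours[day], minute=7 * day % 60)
        lines.append(f"{normal.isoformat()} laptop-01 198.51.100.20 {8000 + 500 * day}")
    return "\n".join(lines)


def parse_log(text):
    """Parse the constructed log format into (timestamp, device, dest, bytes) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, device, dest, nbytes = line.split()
        events.append((datetime.fromisoformat(ts), device, dest, int(nbytes)))
    return events


def off_hours_events(events, baseline=BASELINE_ACTIVE_HOURS):
    """Return events for devices that were active outside their baseline window."""
    flagged = []
    for ts, device, dest, nbytes in events:
        window = baseline.get(device)
        if window is None:
            continue
        start, end = window
        if not (start <= ts.time() <= end):
            flagged.append((ts, device, dest, nbytes))
    return flagged


def find_beacons(events, min_count=7, max_cv=0.05):
    """Flag (device, dest) pairs contacted at a near-constant interval.

    The coefficient of variation (stddev / mean) of the inter-connection gaps
    is close to 0 for a scheduled script and much larger for a person.
    Thresholds are illustrative assumptions, not tuned values.
    """
    by_pair = defaultdict(list)
    for ts, device, dest, _ in events:
        by_pair[(device, dest)].append(ts)
    findings = []
    for (device, dest), stamps in by_pair.items():
        if len(stamps) < min_count:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg else float("inf")
        if cv <= max_cv:
            findings.append({"device": device, "dest": dest, "count": len(stamps),
                             "period_s": round(avg), "cv": round(cv, 5)})
    return findings


if __name__ == "__main__":
    evs = parse_log(build_sample_log())
    print(f"off-hours events: {len(off_hours_events(evs))}")
    for finding in find_beacons(evs):
        print(f"beacon candidate: {finding}")
```

Run on the constructed log, the off-hours check surfaces only the 03:15 connections, and the interval check flags the same device/destination pair with a period of about one day and a coefficient of variation near zero, while the irregular daytime traffic stays below the threshold. The byte count is deliberately not part of either test: as the post notes, the volume looked innocuous, and it was the timing that gave the script away.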
This was hardly the first time that a human found something a system overlooked. That’s in part because at that time, as we were discovering the importance of humans to the work of cybersecurity, we were also learning that the cyber solutions that worked for big corporations just didn’t work for our client base of high-net-worth individuals and families. Changes that could indicate a security threat for an individual are usually disregarded as mere noise by corporate systems that are built to monitor thousands of people.
This post has moved. To continue reading, please visit https://www.newamerica.org/cybersecurity-initiative/humans-of-cybersecurity/blog/true-cyber-detectives

