Privacy Concerns of Threat Intelligence

“It takes more than intelligence to act intelligently.” — Fyodor Dostoevsky

To avoid security breaches and cyberattacks, it is critical to identify and examine the root cause, which generally emerges from weapons such as botnets, viruses, and malware. But companies and industries often fail to consider the threats that come from within the company, such as employees. This is called the insider threat. With the increase in the number of cyberattacks and with cybercriminals using more sophisticated malware, efforts to make systems secure are also increasing. The traditional, lackadaisical “detect and improve” fashion is being replaced by a more proactive “predict and prevent” attitude. Almost all organizations are aiming to build fail-safe security solutions. For this reason, network security forensics has come up with modern techniques, called Threat Intelligence, that identify the root cause of network-based crimes.

Machine learning, data mining, artificial intelligence, and other advanced fields have contributed substantially to predicting future attacks based on previous failures of the system. Threat intelligence relies on machine learning techniques that study systems at the time they were attacked and compromised, and predict the future occurrence of security breaches. These practices can detect not just botnets and malware but also users who are trying to breach the system from the inside. Such threat intelligence software includes honeypots, firewall policies, and various pattern recognition techniques.

Though it seems like a perfect way to combat cybercrime, from a privacy point of view it is a violation. Watching all employee activities and constantly testing users is no different from any mass surveillance program. For any legitimate employee, threat intelligence programs are a privacy nightmare. Here’s why:

Ethically, it is wrong:

To what extent is an employee obliged to be monitored? Is it ethically right to scrutinize each and every mail? Will it be done with their consent? These few questions do not have a right answer. Every employee has a right to personal space whether or not they are in the office, as none of their activities on the company’s devices is private. This problem is magnified when companies have a BYOD (Bring Your Own Device) policy, which leaves only a thin gap between work life and personal life.

Surveillance Capabilities:

The surveillance technologies used by these companies make it easier to gain more insight into user behavior and to monitor users’ activities on a constant basis. This information can be misused by third parties. One might argue that surveillance is done for the betterment of security. But transparency and openness, from the public privacy point of view, are a must to gain employees’ trust.

Employees and companies must find common ground regarding privacy and threat intelligence. Instead of monitoring, security policies could include a few activities such as general norms of computer usage (such as using a VPN and login mechanisms) and an acceptable range of events, but only after informing the employee. Initial policies must be set by each company and followed.