Predictive Behavioral Analytics: Fact or Fiction
Advances in monitoring technology and behavioral analytics could help organizations predict and prevent insider crimes.
In the 2002 movie Minority Report, three clairvoyants are able to visualize impending murders. Police, with the help of some impressive-looking computers, then use this information to locate would-be perpetrators and apprehend them before the crime occurs.
Although Minority Report is a work of fiction and set in 2054, the use of insights to predict and prevent crime may not be as far away as you think.
In the past, before the helping hand of communication monitoring, financial firms had little insight into employee misconduct. If someone decided to dabble in insider trading, they either got away with it, or a regulator found out and started to rummage meticulously through archived communication data for proof of the indiscretion. In this sense, it was only possible to take action once the crime had been committed.
Firms became frustrated with receiving huge fines every time an employee breached regulations, and so employed communication monitoring to identify non-compliant behavior. Modern, AI-powered solutions utilize risk-specific algorithms to flag problematic content for compliance teams to review thereby enabling firms to address financial misconduct at the earliest possible stage, in many cases before it results in more serious regulatory scrutiny.
Moving From A Reactive To Proactive Approach
Having moved from regulators identifying a crime after it’s been committed, to firms catching rogue traders in the act, the next natural progression is to use the same communication data to help predict and prevent these issues from happening altogether.
To do that takes some slight, yet sophisticated tweaks to how monitoring solutions are currently being utilized. Existing tools, such as Behavox Compliance, use algorithms that are trained to analyze communication content and detect specific types of risk, such as collusion or spoofing. To predict who is likely to become a malicious insider, however, requires taking a step back and looking at the behavioral factors that indicate whether someone has a propensity to commit such crimes.
The Cost Of Insider Crime
Malicious insiders pose a threat to all organizations, not just those in financial services. Their crimes are not just financially motivated, but include theft of IP and sensitive information, cyber security attacks, and even corporate espionage.
A 2020 report by the Ponemon Institute found that malicious insiders cost organizations an average of US$755,760 per incident. When you consider that 60% of the organizations surveyed had an average of eight incidents per year relating directly to these criminal activities, it’s easy to see why minimizing and even preventing such attacks should be of paramount importance.
According to the report, firms spend just $22,124 on monitoring and surveillance, despite the average cost of addressing an incident being $644,852. Similar to how financial services have benefitted from treating the cause of regulatory breaches, rather than the symptoms, it will pay for organizations to adopt technology-driven, preventative measures of insider crime in the long run.
Many criminologists believe there are four key behavioral factors that are present in people who present an insider threat to their company: personal predispositions, stressors, concerning behaviors, and problematic organizational responses.
If the same AI-powered solutions that identify regulatory risk are fed algorithms to identify the above behavioral factors, organizations will have insight into where a potential threat may come. An accumulation of these factors could result in an individual being labeled as high-risk.
At this stage, Tom Cruise isn’t going to kick down any doors. Instead, security, HR, compliance, and legal counsel simply have a data-driven platform that helps them to prioritize alerts within their various security systems.
For example, without such insights, if a system flags that an employee has shared a large file from their corporate email account to their personal email account, the security team may miss the alert as they are inundated with thousands of alerts every day. However, if the alert is cross-referenced against a watchlist of employees scoring high on the behavioral factors for crime, and the email is found to have been sent from a high-risk individual, the security team can prioritize the alert and take appropriate action.
Lagging Behind Or Leading From The Front?
The most significant change in this approach is moving from lagging behavioral indicators to leading behavioral indicators. Changing from insights into something that has already happened, to insights into something currently happening, and finally to insights into something that is likely to happen.
As organizations continue to embrace data analytics to drive new business and protect their organizations against external and internal threats, being able to leverage predictive analysis is the next major competitive advantage. Many businesses are sitting on a goldmine of data and only just figuring out how to harvest insights into the past in order to help them plan for the future. Organizations that are ahead of the game are already planning on how to use real-time data to bend the future to their will.
