Oliver Brdiczka, Principal Data Scientist, Vectra Networks

Oliver Brdiczka is Principal Data Scientist at Vectra Networks where he leads their insider threat research. Before joining Vectra Networks, Oliver Brdiczka was Director of Contextual Intelligence at Xerox PARC and principal investigator in the ADAMS (Anomaly Detection At Multiple Scales) program of the Defense Advanced Research Projects Agency (DARPA) aiming at developing novel methods to detect and prevent the insider threat using data science and machine learning. Oliver Brdiczka holds a Ph.D. in Computer Science from INP Grenoble. He has authored more than 70 peer-reviewed papers and articles, and holds more than 10 patents in the fields of insider threat detection, human behavior analysis, machine learning, and contextual intelligence.

Recent Posts

Is your thermostat spying? Cyberthreats and the Internet of Things

Posted by Oliver Brdiczka, Principal Data Scientist, Vectra Networks on Jul 13, 2015 10:22:27 AM

The Internet of Things (IoT) is beginning to have a huge impact on our daily lives, and it will grow by orders of magnitude. However, the multitude of IoT devices with zero, limited or outdated security could produce disastrous results. It will be a formidable task to secure every small IoT device or toy. Security solutions that watch device behavior and identify anomalies might be our only hope.

The IoT is on the rise...

The genesis of IoT goes back to the early ’90s when PARC chief scientist Mark Weiser came up with the vision of Ubiquitous Computing and Calm Technology. In this vision, computing becomes “your quiet, invisible servant” and disappears from conscious actions and the environment of the user.

Topics: Cyberattacks

Do you know how to protect your key assets?

Posted by Oliver Brdiczka, Principal Data Scientist, Vectra Networks on Mar 27, 2015 10:26:34 AM

Security breaches did not stop making headlines in recent months, and while hackers still go after credit card data, the trend goes towards richer data records and exploiting various key assets inside an organization. As a consequence, organizations need to develop new schemes to identify and track key information assets.

The biggest recent breach in the financial industry occurred at JP Morgan Chase, with an estimated 76 million customer records and another 8 million records belonging to businesses stolen from several internal servers. At Morgan Stanley, an employee of the company’s wealth management group was fired after information from up to 10% of Morgan Stanley’s wealthiest clientele was leaked. Even more sensitive was the largest health-care breach thus far: at Anthem, over 80 million records containing personally identifiable information (PII), including social security numbers, were exposed. Less well-known, but potentially more costly in terms of damage and litigation, is the alleged theft of trade secrets by the former CEO of Chesapeake Energy (NYSE: CHK).

Topics: Insider Threats, Data Science

Detecting the Insider Threat – how to find the needle in a haystack?

Posted by Oliver Brdiczka, Principal Data Scientist, Vectra Networks on Jan 10, 2015 10:00:00 AM

In the previous posts, we have examined the insider threat from various angles and we have seen that insider threat prevention involves the information security, legal and human resources (HR) departments of an organization. In this post, we want to examine what information security departments can actually do to detect ongoing insider threats, and even prevent them before they happen.

The literal needle in the haystack

Overall, insider threats represent only a small proportion of employee behavior. And while only the ‘black swan’ incidents become public knowledge, minor incidents such as theft of IP or customer contact lists will add up to major costs for organizations.

In addition, insiders are by default authorized to be inside the network and are both granted access to and make use of key resources of an organization. Given the large pile of access patterns visible in an organization’s network, how is one to know which ones are negligent, harmful or malicious behavior?

Topics: Insider Threats, Data Science

Malicious Insider Psychology – when the personal bubble bursts

Posted by Oliver Brdiczka, Principal Data Scientist, Vectra Networks on Dec 22, 2014 3:00:00 PM

In the previous post, we examined the motivations and constraints that make an insider ‘malicious,’ and we saw that external and mental pressure, an opportunity to steal confidential information, and rationalization of the potential theft are the factors that contribute to an insider turning against his employer.

While these three factors are necessary triggers for becoming malicious, there is much more going on in an insider’s mind before, during and after an attack. What are the mental stages that a ‘turning’ insider goes through? And what are potential indicators for each stage?

Topics: Insider Threats

Malicious Insider Psychology – when pressure builds up in the Fraud Triangle

Posted by Oliver Brdiczka, Principal Data Scientist, Vectra Networks on Dec 13, 2014 9:00:00 AM

In previous posts, we have discussed various types of insider threats that affect US government, companies and organizations in charge of critical infrastructure. We have discussed various insider attack patterns, but what are the motivations and constraints that make an insider turn against his employer?

We have seen that so-called ‘whistleblowers’ may act upon their own convictions and turn against their employer, but their numbers are very limited. As the majority of cases involve the theft of information and assets from an organization for personal gain, what are the motivations and constraints in this case?

Topics: Insider Threats

Insider attacks pose a serious threat to critical U.S. infrastructure

Posted by Oliver Brdiczka, Principal Data Scientist, Vectra Networks on Dec 7, 2014 7:00:00 AM

A scary 70 percent of critical infrastructure organizations suffered security breaches in the last year, including water, oil and gas, and electric utilities. An almost equally high number, 64 percent, anticipate one or more serious attacks in the coming year.

In the previous posts of this series, we highlighted insider threat risks for US companies and how they respond to them. While the insider threat in government agencies and big companies is a known problem with somewhat implemented mitigation strategies, less is known about the insider threat to critical US infrastructure, such as water purification or nuclear power plants. To illustrate the nature of the threats, let me provide two examples from a Department of Homeland Security report – the Insider Threat to Utilities report.

Topics: Insider Threats

Insider Threats - the myth of the black swan

Posted by Oliver Brdiczka, Principal Data Scientist, Vectra Networks on Nov 30, 2014 9:00:00 AM

While the reported $40 billion of insider threat losses for the US economy seem scary, many companies consider insider threats to be more like a ‘black swan’ event – highly visible, but extremely rare, abstract, and too hard to predict to constitute a real threat. But it is the gray areas companies should be wary of.

In previous posts of this series, we described how companies are affected by malicious insider incidents, and what impact and cost these incidents might cause. Most think of highly publicized whistleblower cases such as Edward Snowden and Bradley Manning. Overall, these seem like natural disasters (e.g., earthquakes): you can take some precautions, but then you just hope it will not happen to you … and if it does, it will be disastrous (and you just have to accept it).

In addition, I often hear arguments from small and medium-sized companies that they do not feel exposed to the insider threat because:

Topics: Insider Threats

Insider Threats - how they affect US companies

Posted by Oliver Brdiczka, Principal Data Scientist, Vectra Networks on Nov 22, 2014 7:00:00 AM

In the second post of this series, we looked at basic definitions of insider threat incidents and their impact on organizations. Now, let’s have a closer look at how malicious insider threat actions affect companies in the United States, and how companies can respond to these threats.

From the most recent consolidated data available on this subject, over 50% of organizations report having encountered an insider cyberattack in 2012, with insider threat cases making up roughly 23% of all cybercrime incidents. This percentage has stayed consistent over the prior couple of years, but the total number of attacks has increased significantly.

The result is $2.9 trillion in employee fraud losses globally per year, with $40 billion in losses due to employee theft and fraud in the US in 2012 alone. The damage and negative impact caused by insider threat incidents is reported to be higher than that of outsider or other cybercrime incidents.

Interestingly, in contrast to outsider attacks on networks, insider cyberattacks are under-reported. Only a few cases make it into public media or are even known to insider threat experts. Reasons for such under-reporting are insufficient damage or evidence to warrant prosecution, and concerns about negative publicity. The risk of revealing confidential data and business processes during investigations may be another reason why many companies don’t report and prosecute insider threat incidents.

Topics: BYOD, Insider Threats

Insider Threats - is your organization safe?

Posted by Oliver Brdiczka, Principal Data Scientist, Vectra Networks on Nov 15, 2014 6:39:00 PM

In the previous post of this blog series, we discussed highly publicized whistleblower cases such as Chelsea Manning and Edward Snowden. While government agencies are ramping up their protections of data and infrastructure against these cases, what danger do malicious or negligent insiders constitute for organizations, including corporations and small businesses, and what kind of insider threats exist? Is your organization safe?

Let’s first look at a more formal definition of the malicious insider. According to the computer emergency response team (CERT) at CMU, a malicious insider is a current or former employee or contractor who deliberately exploited or exceeded his or her authorized level of network, system or data access in a way that affected the security of the organization’s data, systems, or daily business operations.

Topics: Insider Threats

Insiders – Threat or Blessing?

Posted by Oliver Brdiczka, Principal Data Scientist, Vectra Networks on Nov 12, 2014 11:30:00 AM

Insiders leaking information about secretive government practices and decision-making have had their impact on public opinion and United States policies in recent years, but are these leaks for the benefit of society, or do they push a hidden agenda?

The most prominent example is Edward Snowden, who leaked significant amounts of classified information from the National Security Agency (NSA) about its practices. On September 23, Edward Snowden received the Swedish human rights award, also referred to as the alternative Nobel prize, for his revelations in 2013. Snowden, who “blew the whistle,” got rewarded “for his courage and skill in revealing the unprecedented extent of state surveillance violating basic democratic processes and constitutional rights.”
Topics: Insider Threats