Recently, FBI indicted a former Houston employee of JP Morgan Chase for allegedly stealing $400,000 from the bank accounts of fifteen senior citizens. The intruder got unauthorized access to customer accounts and later sold data, including PINs, Social Security numbers and birth dates, as well as debit and bank account security codes, to an informant. This is just one instance out of several other instances of grand larcenies.\r\n\r\nToday, when you ask large companies about how resilient their security strategies tend to be, their reply may vary from \u2018We\u2019re sound\u2019 to \u2018my employees are seasoned professionals, they have been with me for years\u2019, we do background checks\u2019 \u2018we are a family and family never steals! But not long afterward, these companies get to know that their data has been stolen and security terminals have been compromised.\r\nHumans as the weakest link\r\nWithin no time these companies get into fast paced investigation mode, that surprisingly reveals the fact that the theft committed is not a present incident but a five-year-old long affair, mastered by the \u2018bad guy\u2019 in the \u2018family\u2019. The intricacies of today\u2019s thefts are always in an evolving state and it won\u2019t be wrong to say that even the biggest of all the organizations are not perfect when it comes to security enhancements. The weakest link in the security chain has always been humans and when this chain is broken, the entire organization falls apart and starts corroding.\r\n\r\nToday, a typical organization loses five percent of its healthy revenue to fraud, a potential global fraud loss of $3.7 trillion annually according to the ACFE 2014 Report to the Nations study of global fraud. Yes, call it fraud or breach, it is done within the company and by an insider who could be a seasoned employee or a honcho sitting on a big couch with an embellished designation \u2018preying\u2019 on your confidential documents and accounts.\r\n\r\nAlthough, there are many preventive measures adopted by many blue chip companies to brace this \u2018weakest link\u2019 and combat employee theft, there aren\u2019t any adequate controls to annihilate the crime from the roots or guarantee that it won\u2019t take place again. However, a person\u2019s past conduct, integrity, and judgment can provide the best hint of their future behavior.\r\n\r\nThis is where behavioral analytics makes a difference and proves to be the silver bullet for tackling myriad of breach and thefts. Behavioral Analytics is a subset of business analytics which focuses on how and why your employees behave. It helps in strengthening an enterprise\u2019s threat detection and response capabilities.\r\n\r\nIt does this by first learning the normal patterns of behaviour of every person, application, file and machine in the organization. Then, it detects and measures strange changes in those behaviours. Based on the employee\u2019s client activity or segment activity over time, an employee is flagged as potentially suspicious.\r\nAnalytics: Culminating thefts and fraudulent activities\r\nAlthough, monitoring of employee behaviour by IT is going on for a long time now, this isn\u2019t sufficient to capture and culminate the bigger challenges of sophisticated theft and fraud. So, one has to go beyond the conventional methods of curbing intrusions and clinging on to Analytics to know about the psychology of the insiders and their online activity, thus reducing the chances of data theft, pilfering and IT sabotage.\r\n\r\nBehavioural analytics today\u00a0is capable of telling the difference between employees doing their \u2018real\u2019 job and intruders who are focussed only at stealing data. As behaviour analytics technology focuses on behaviour, not static indicators of threat, it can trace attacks that bypass threat intelligence and alert on malicious behaviour earlier in the attack, thereby giving security teams the time and environment they need to quickly respond.\r\n\r\nThe possibility of detection includes attacks that don\u2019t use malware at all, such as phishing and compromised credentials. While running behaviour analytics on just one employee may not be useful in finding malicious activity, running it on a large scale would give an organization the ability to detect\u00a0malware\u00a0or other potential threats.\r\n\r\nAetna Inc., one of the largest insurers uses a combination of improved retrospective reviews and predictive analytics model to identify fraud in the payment process with greater precision. Additionally, Alibaba, the Chinese ecommerce company, has been using analytics effectively to tackle fraud. At Alibaba, any potential fraudster has to pass through extensive stages of verification which is a tough proposition.\r\n\r\nWith businesses now looking to condense chafing and keep up with emerging fraud methods, it\u2019s time that CIOs and CISO start banking on behavioural analysis since knowing what a user does in his day-to-day activities, it may prove to be a better indicator than who they say, they really are.\r\n\r\nIn its arduous search to obliterate the shortcomings with regards fraud detection, organizations have come towards behavioural analytics, which is cost effective as it doesn\u2019t require new hardware and works seamlessly on all smartphones, thus ending the pain of buying a wearable technology for authentication.\r\n\r\nThis clearly elucidates, why behavioural analytics needs to be implemented widely across every corner. While there is no denying the fact that, fraudsters are smart and trained enough to come up with sophisticated ways to vitiate the security walls, they can\u2019t possible impersonate every aspect of user behaviour, thus allowing behavioural analytics to evolve and dupe the fraudsters by every means!