Organisations must accept that breaches are, indeed, inevitable. Accepting this is not to take a negative stance, but to accept the reality of today's dynamic threat landscape.
Our research shows that the primary impediment to detecting hapless user behavior is not knowing what that behavior looks like. At face value a hijacked user looks just like any other user: they have valid credentials, and that is more-or-less all the checking that is done.
Whether it’s an insider or a hapless user the outcome is the same (a potential breach) so organizations must focus on all user activity. Real-time analytics of user behavior can detect activity that unintentionally exposes the organization to increased risk, and this can be stopped before real damage is done.
Importantly, stopping an action as it happens is an extremely effective way of educating the user community: behavioral analytics stops users from being hapless and teaches them behaviors that exemplify good security practice