Comprehensive and Detailed Explanation (ECIH-aligned):

This scenario exemplifies a classic malicious insider threat, where a trusted employee with legitimate access abuses their privileges. According to the EC-Council ECIH curriculum, traditional perimeter controls and static access restrictions are often ineffective against insiders because the actions appear legitimate at a surface level. Therefore, the primary emphasis must be on behavior-based detection.

Option D is correct because behavioral analytics enables organizations to establish baselines of normal employee behavior and identify deviations such as unusual access times, excessive data downloads, atypical system usage, or abnormal data transfer patterns. ECIH highlights behavioral monitoring as a critical control for detecting insider threats early, especially when access credentials are valid and authorized.

Option A may limit productivity and does not detect malicious intent. Option B is an administrative practice with limited security value. Option C improves awareness but does not detect deliberate malicious behavior.

By implementing behavioral analytics, ClobalTech can identify subtle indicators of insider misuse, respond earlier, and reduce the impact of long-term data exfiltration, aligning with ECIH best practices for insider threat mitigation.