Systems and methods for automated anomalous behavior detection and risk-scoring individuals

What is claimed is: 1. A computing system comprising one or more processors configured to: receive, via a data channel from an agentless monitoring data source, user activity data associated with a first computing device of a first user; determine a policy violation based on the user activity data; compare employee-related information associated with the first user to a threshold; determine a baseline level of risk based on the employee-related information exceeding the threshold; determine a user score based on an impact dimension and at least one of a threat dimension or an exposure dimension, wherein the impact dimension comprises a permissions component defining a number of active accounts accessible by the first user and an access component defining a number of inactive accounts associated with the first user, the threat dimension comprises a relative component, and the exposure dimension comprises a technical component; determine a probability of an adverse event based on the baseline level of risk and the user score; generate a user-interactive electronic notification comprising an indication of the probability of the adverse event; and transmit the user-interactive electronic notification to a second computing device. 2. The computing system of claim 1 , wherein the agentless monitoring data source is different from the first computing device, and wherein the agentless monitoring data source is a storage array, a network device, a server, or a hypervisor. 3. The computing system of claim 1 , wherein the agentless monitoring data source comprises computer-executable code executed from the first computing device, the one or more processors configured to parse the user activity data from the computer-executable code. 4. The computing system of claim 1 , wherein the user activity data further comprises data generated by a logging agent executed on the first computing device. 5. The computing system of claim 1 , wherein the user activity data comprises use data pertaining to the first computing device. 6. The computing system of claim 1 , wherein the user activity data comprises Internet traffic data from the first computing device. 7. The computing system of claim 1 , wherein the policy violation comprises at least one of an infiltration characteristic associated with an event indicative of data loss or a flight characteristic associated with an event indicative of a departure. 8. The computing system of claim 7 , wherein the employee-related information comprises performance evaluation data associated with the first user. 9. The computing system of claim 7 , wherein the employee-related information comprises job role and seniority data associated with the first user. 10. The computing system of claim 1 , wherein the data channel is a batch channel and wherein the one or more processors receive the user activity data at predetermined time intervals. 11. The computing system of claim 1 , the one or more processors further configured to: activate a logging agent on the first computing device based on the probability of the adverse event. 12. The computing system of claim 1 , wherein the data channel is a synchronous channel and wherein the one or more processors receive the user activity data in substantially real-time. 13. The computing system of claim 1 , wherein the user-interactive electronic notification comprises a linked training video. 14. A computer-implemented method comprising: receiving, via a data channel from an agentless monitoring data source, user activity data associated with a first computing device of a first user; determining a policy violation based on the user activity data; comparing employee-related information associated with the first user to a threshold; determining a baseline level of risk based on the employee-related information exceeding the threshold; determining a user score based on an impact dimension and at least one of a threat dimension or an exposure dimension, wherein the impact dimension comprises a permissions component defining a number of active accounts accessible by the first user and an access component defining a number of inactive accounts associated with the first user, the threat dimension comprises a relative component defining a behavior of the first user relative to a behavior of a peer of the first user, and the exposure dimension comprises a technical component defining an amount of communication traffic for the first user and a determination of whether a login credential of the first user is compromised; determining a probability of an adverse event based on the baseline level of risk and the user score; generating a user-interactive electronic notification comprising an indication of the probability of the adverse event; and transmitting the user-interactive electronic notification to a second computing device. 15. The computer-implemented method of claim 14 , wherein the agentless monitoring data source is different from the first computing device, and wherein the agentless monitoring data source is a storage array, a network device, a server, or a hypervisor. 16. The computer-implemented method of claim 14 , wherein the user activity data further comprises data generated by a logging agent executed on the first computing device. 17. The computer-implemented method of claim 14 , wherein the user activity data comprises at least one of use data pertaining to the first computing device and Internet traffic data from the first computing device. 18. The computer-implemented method of claim 14 , wherein the policy violation comprises at least one of an infiltration characteristic associated with an event indicative of data loss and a flight characteristic associated with an event indicative of a departure. 19. The computer-implemented method of claim 18 , wherein the employee-related information comprises at least one of performance evaluation data associated with the first user or job role and seniority data associated with the first user, the computer-implemented method further comprising activating a logging agent on the first computing device based on the probability of the adverse event. 20. A non-transitory computer-readable medium comprising instructions stored thereon that, when executed by one or more processors of a computing system, cause the computing system to perform operations comprising: receiving, via a data channel from an agentless monitoring data source, user activity data associated with a first computing device of a first user; determining a policy violation based on the user activity data; comparing employee-related information associated with the first user to a threshold; determining a baseline level of risk based on the employee-related information exceeding the threshold; determining a user score based on an impact dimension, a threat dimension, and an exposure dimension, wherein the impact dimension comprises a permissions component, the threat dimension comprises a relative component defining a behavior of the first user relative to a behavior of peers of the first user, and the exposure dimension comprises a technical component defining an amount of communication traffic for the first user and a determination of whether a login credential of the first user is compromised; determining a probability of an adverse event based on the baseline level of risk and the user score; generating a user-interactive electronic notification comprising an indication of the probability of the adverse event; and transmitting th