Are you monitoring your IT end users to mitigate suspicious behavior?
September 06, 2019 | User Behavior, Malicious Insiders
Do you remember the infamous Desjardins data breach of three months back? According to the officials' statement, the organization suffered a massive breach of sensitive and confidential information belonging to 2.7 million people and 173,000 organizations, news that shocked the entire world. The data consisted of names, email IDs, addresses, birth dates, social insurance numbers (SIN) and transaction habits of the users. Fortunately, the passwords, security questions and personal identification numbers were not compromised.
How did it happen?
According to Desjardins officials, the culprit behind this breach was an existing employee who unlawfully collected private information of the bank’s customers and shared it with a third party. That employee was eventually fired and arrested. According to the CEO of Desjardins Group, this was not just a conventional case of data theft but a typical incident of an uncontrolled and unmonitored access control mechanism that led to the compromise of sensitive data. A further report reveals that there were no individuals in the bank who had authorized access rights to the critical information of employees and customers. But this malicious insider stealthily merged his own privileged account with other privileged accounts to accumulate all the information he intended to steal.
In one of our previous analytical articles, we discussed how and why user activities require seamless monitoring. Let us delve a little deeper into that. There are several types of individual behaviour in an organization that normally require intense monitoring.
- End users who deviate from their normal baseline activities can orchestrate attacks on critical systems or compromise data.
- Disgruntled or dissatisfied employees are always a matter of worry because, as an act of revenge, they can inflict heavy losses by destroying, tampering with or stealing data to disrupt business processes. In most cases these compromised insiders snoop on privileged credentials.
- Third-party users or business partners who often access databases, applications and privileged accounts to administer critical tasks can misuse or abuse confidential information.
How to mitigate these imminent IT risks?
The most pertinent way to overcome this typical enterprise IT challenge is to deploy robust risk-preventive solutions such as Privileged Access Management (PAM) and User Behaviour Analytics (UBA). With a high number of IT users and an ever-growing number of devices operating in any enterprise network, it is always a big challenge for administrators to keep monitoring each and every user activity. Hence, a detailed analysis of end-user behaviour, especially that of privileged users, is crucial to predict and mitigate underlying IT risks.
UBA and PAM help build an additional IT security layer by monitoring IT users in real time. By configuring the devices as per an enterprise IT policy framework and by applying role- and rule-based access controls over end users, the security and compliance management team can spot and identify risky behaviour profiles that diverge from the configured baseline activities. In addition, PAM captures all logs in both text and video formats so that administrators can understand the context behind a privileged session. This eventually helps in finding suspicious activities and taking crucial decisions to secure information assets.
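As an added illustration of baseline-divergence detection (this is not ARCON's code or any product's logic), the sketch below builds a per-user baseline from privileged-session records and flags sessions that use a privileged account the user has never used or that read far more records than usual. The log fields, user and account names, sample data and the median + 5×MAD threshold are all assumptions made for the example.

```python
from collections import defaultdict
from statistics import median

# Constructed sample data: (user, privileged_account, records_read) per session.
BASELINE_SESSIONS = [
    ("alice", "db-reporting", 120), ("alice", "db-reporting", 95),
    ("alice", "db-reporting", 140), ("alice", "db-reporting", 110),
    ("bob", "crm-admin", 40), ("bob", "crm-admin", 55),
    ("bob", "crm-admin", 35), ("bob", "crm-admin", 50),
]
NEW_SESSIONS = [
    ("alice", "db-reporting", 130),  # within alice's baseline
    ("bob", "crm-admin", 900),       # volume far above bob's norm
    ("bob", "db-reporting", 45),     # account bob has never used before
]

def build_baseline(sessions):
    """Per user: privileged accounts seen and per-session read volumes."""
    accounts, volumes = defaultdict(set), defaultdict(list)
    for user, account, records in sessions:
        accounts[user].add(account)
        volumes[user].append(records)
    return accounts, volumes

def volume_threshold(values, k=5.0):
    """Median + k * MAD: robust to a few outliers in the baseline window."""
    med = median(values)
    mad = median(abs(v - med) for v in values) or 1.0  # avoid a zero-width band
    return med + k * mad

def flag_sessions(baseline_sessions, new_sessions, k=5.0):
    """Return (user, account, reason) for each divergence from the baseline."""
    accounts, volumes = build_baseline(baseline_sessions)
    alerts = []
    for user, account, records in new_sessions:
        if user not in accounts:
            alerts.append((user, account, "no-baseline"))
            continue
        if account not in accounts[user]:
            alerts.append((user, account, "new-privileged-account"))
        if records > volume_threshold(volumes[user], k):
            alerts.append((user, account, "volume-above-baseline"))
    return alerts

if __name__ == "__main__":
    for alert in flag_sessions(BASELINE_SESSIONS, NEW_SESSIONS):
        print(alert)
```

The median/MAD band is used instead of mean and standard deviation so that a single unusually large session inside the baseline window does not widen the threshold and hide later spikes.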
The bottom line:
Even the slightest negligence in monitoring users can wreak havoc in organizations through malicious threats and cost them credibility on the business front. Hence, relentless monitoring of IT end users should be a must for any organization.
ARCON is a leading enterprise risk control solutions provider, specializing in risk-predictive technologies. ARCON | User Behaviour Analytics enables monitoring of end-user activities in real time. ARCON | Privileged Access Management reinforces access control and mitigates data breach threats. ARCON | Secure Compliance Management is a vulnerability assessment tool.