Robust cyber security policies are no longer enough
Tech Week has reported this week on the story of UK business software giant Sage, whose 32-year-old female employee was arrested at Heathrow Airport by the City of London Police in connection with an alleged fraud against the company.
The arrest has been linked with the news that personal information relating to employees at 280 UK companies that are Sage customers has been subject to unauthorised access, including bank account details and salary information.
The full details of the Sage story have yet to emerge, but it is very likely to be related to the growing threat that companies now have to deal with from inside, rather than outside, the corporate security perimeter. The so-called “social engineering” threat will not come as a surprise to readers of this blog. You will know that we have been warning for some time of this threat and of the countermeasures that need to be taken.
The Tech Week story cites FBI advice from 2014 that firms need to be aware of the risk posed to their systems by unhappy and former employees. The FBI warned that employees are facilitating attacks through the use of cloud storage web sites like Dropbox and personal e-mail accounts, and continue to access the corporate network by installing unauthorised remote desktop protocol software before they leave the company.
So far, so good, but the FBI advice to counter this threat through the use of user-centric identity and access management programmes falls some way short of an effective countermeasure. The fact is that the determined and tech-savvy employee will always find a way around such obstacles, and it is vital that such unauthorised or suspicious activity is identified immediately, before any real damage can be done.
What is actually needed, in addition to robust internal security policies of the kind recommended by the FBI, is a leading-edge behavioural threat monitoring solution, such as ThreatSpike. This solution will trawl your network 24/7, build up a pattern of normal behaviour based on big data technology and complex algorithms, and alert you immediately to any suspicious behaviour, such as unauthorised access or download activity.
This allows you to take immediate action to challenge the individual, restrict their access rights or commence active monitoring of their activity. You can even conduct a retrospective trawl for previous activity if your suspicions are raised.
Don’t wait until the damage has already been done and then try to recover the situation. Take proactive action now to mitigate the threat by trying out our solution on a free trial basis.