EMEA TECHNOLOGY
Combat Insider
Data Breaches with
Privileged Access Management When it comes to cyber security, financial institutions are generally quick to adopt new technologies, though many organisations are still hamstrung by legacy infrastructure and applications. A recent study from IBM found that financial services organisations are breached on average 65% more than organisations in any other industry. So, with the everincreasing attacks to banking infrastructure from sophisticated cyber-criminals, one of the biggest challenges facing banking IT is investigating incidents and recovering as quickly as possible. The increased risk to banks is due to the massive amounts of sensitive data they keep stored, which can provide immense financial gains for cyber-criminals. Financial organisations must also comply with industry and government regulations which require them to monitor and record all access to their sensitive information. For this reason, it’s now more important than ever for banks to protect their clients’ identities and their own privileged users’ accounts, which are top priority targets for criminals. However, this can present a challenge due to the large, distributed IT networks typically operated by international financial organisations, often managed by hundreds of system administrators.
22 | Issue 9
In such large distributed environments, having enough employees focused on security can be almost impossible. Whilst password based authentication can help restrict access, hackers can easily infiltrate financial IT system accounts using social engineering tactics. There is also the problem of the malicious insider, or employees who have decided to go rogue. Banking security managers must look for advanced security solutions, which allow them to focus on insider threats and monitor user activities in real-time, and make sure to continuously audit who is doing what in their IT systems. Effective incident response Following an incident, the simple question of ‘who did what’ is one of the most critical, but it’s also the most difficult to answer. Organisations want to determine the root cause as quickly as possible, to meet government and compliance regulations. This can often involve security teams analysing thousands of logs during an investigation, which is time and resource intensive. When an incident includes privileged account access, this can present even more of a challenge. Privileged insiders and external attackers in control of hijacked credentials can easily cover their tracks by modifying or deleting log files, making it that much harder to
determine the roots of the attack. It’s because of this that hijacking privileged accounts has become a popular method of attack for criminals. What can banks do to manage privileged access incidents? Firstly, financial organisations must have a proper access policy implemented, which should be based on the least privilege rule. They should also be able to detect potential insider threats at the earliest stages. The best way to speed up the incident response process is to deploy a privileged access management (PAM) solution. These kinds of solutions can act as centralised authentication and accesscontrol points in the IT environment, which in turn provides access control, session recording and auditing to prevent security breaches and speed up forensics investigations. Additional security that doesn’t burden users with more constraints can be achieved by deploying an agentless, transparent proxy technology. The data collected from the monitoring solution can be used to build detailed profiles of each privileged user to demonstrate baseline ‘normal’ behaviour and then privileged account analytics can be used to spot anomalies as they happen, which are then flagged to the security teams who can then tackle potential breaches as they occur.