Cloud Compliance Blog


Insider Risk: Now More Than Ever


It should come as no surprise that the current economic climate has increased the risk of fraud from insiders. But the degree to which the insider threat problem has increased is a surprise, as described in a Dark Reading article Bankers Gone Bad: Financial Crisis Making The Threat Worse. According to a new survey by Actimize, nearly 80 percent of financial institutions worldwide say the insider threat problem has increased in the wake of the economic downturn. Only 28 percent of financial institutions had not suffered an insider breach in the past 12 months (not including the breaches we don't yet know about).

How do insiders commit fraud? The typical bank fraudster is a trusted, full-time employee, one who is well-versed in the bank's operations, knows how to circumvent its controls, and can stay under the radar. A favorite method is to use a dormant account resulting from excessive user entitlements:

"Some security measures for limiting user access to sensitive data, such as minimizing user privileges, don't apply cleanly for banks... The best thing they can do is proactively monitor and look for signs that user entitlements aren't being abused."

If looking for signs that user entitlements aren't being abused was possible, everyone would do it, right? Well, it has to be cheap, too: according to the survey, the biggest single challenge to meeting the threat is the cost of doing so.

In the past 12 months, 70 percent of financial institutions say they have experienced a case of data theft by one of their employees. Nearly half of the banks in the Actimize survey say they are losing 1% to 4% -- four percent! -- of their total revenues to insider fraud. With that as incentive, the most plausible explanation for failing to prevent fraud resulting from excessive user entitlements is that banks don't know how. What they do know is that perfect access control isn't possible, and that Identity Management (IdM) systems combined with manual reviews still fail to identify many excessive entitlements.

And they also know that excessive entitlements (also known as excessive access rights) were the top audit finding for the past two years.

Cloud Compliance is developing an Identity and Access Assessment (IdAA) solution to manage entitlements (also called privileges, or access rights). We identify users with excess entitlements, and provide tools for isolating high levels of over-entitlement by group, business unit or by application. Such tools enable root cause identification, and provide the necessary insight for remediation and process improvement. Furthermore, due to our global visibility as a cloud-based SaaS solution, we capture statistics industry-wide that our customers can access for setting their own policy benchmarks. Finally, the Cloud Compliance SaaS solution requires no software to install, maintain and operate, no appliances to deploy, no consultants, advisors or professional services to deploy, and no huge upfront capital expense to incur.
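The two signals the post describes, entitlements that sit dormant and dormant rights that are suddenly exercised, plus the per-business-unit breakdown, can be computed from an entitlement list and an access log. The following is an added example written for this page, not Cloud Compliance's product code; the 90-day dormancy threshold, the grant and log data are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

DORMANT_DAYS = 90  # assumed policy threshold: unused this long => dormant
# Constructed sample data (not from the post): who holds what, and who used what.
GRANTS = [  # (user, business_unit, application)
    ("alice", "retail", "wire-transfer"),
    ("alice", "retail", "teller-app"),
    ("bob", "treasury", "wire-transfer"),
    ("bob", "treasury", "gl-ledger"),
    ("carol", "retail", "teller-app"),
]
ACCESS_LOG = [  # (timestamp, user, application); deliberately unsorted
    ("2009-10-12T23:40:00", "bob", "wire-transfer"),
    ("2009-05-20T10:05:00", "bob", "wire-transfer"),
    ("2009-10-01T09:12:00", "alice", "teller-app"),
    ("2009-10-05T11:00:00", "bob", "gl-ledger"),
    ("2009-10-06T08:00:00", "carol", "teller-app"),
]

def _uses_by_entitlement(log):
    """Group log timestamps by (user, application), sorted oldest first."""
    uses = defaultdict(list)
    for ts, user, app in log:
        uses[(user, app)].append(datetime.fromisoformat(ts))
    return {key: sorted(stamps) for key, stamps in uses.items()}

def dormant_entitlements(grants, log, as_of, days=DORMANT_DAYS):
    """Grants not exercised in the `days` before `as_of` (ISO string): excess-right candidates."""
    uses = _uses_by_entitlement(log)
    cutoff = datetime.fromisoformat(as_of) - timedelta(days=days)
    return sorted((u, a) for u, _, a in grants
                  if not any(t >= cutoff for t in uses.get((u, a), [])))

def overentitlement_by_unit(grants, log, as_of, days=DORMANT_DAYS):
    """Fraction of each business unit's grants that are dormant (root-cause view)."""
    dormant = set(dormant_entitlements(grants, log, as_of, days))
    total, idle = defaultdict(int), defaultdict(int)
    for u, unit, a in grants:
        total[unit] += 1
        idle[unit] += (u, a) in dormant
    return {unit: idle[unit] / total[unit] for unit in total}

def reactivated_entitlements(log, days=DORMANT_DAYS):
    """Uses whose previous use of the same right was over `days` earlier: review these."""
    alerts = []
    for (u, a), stamps in _uses_by_entitlement(log).items():
        for prev, cur in zip(stamps, stamps[1:]):
            if cur - prev > timedelta(days=days):
                alerts.append((u, a, cur.isoformat()))
    return sorted(alerts)
```

Run against a real entitlement export and authentication log, the dormant list feeds the access review and the reactivation list feeds the monitoring queue.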



Comments

I believe that in most large organizations, unless there is an access and identity management system configured to automatically remove all but basic network access upon an employee's transfer to another business area or promotion into a higher position and replace it with the enterprise roles for that specific job function, this will continue to be an issue. I often see issues with 'role bloat' where employees have excessive and/or conflicting access. Managers often don't know what access their employees have and during audits will often approve the audit without carefully reviewing an employee's access.
Posted @ Tuesday, October 13, 2009 5:09 PM by Deb
The problem is that companies still believe once they are in compliance, they are safe from any kind of fraud. They don't understand that compliance is a great first step in the right direction, but that they have to do more to prevent damages. Here is a nice educational report from a Harvard Professor about a company that was 100% compliant, but had a $400 million fraud case: http://www.securityworldmag.com/head/weekly_view.asp?idx=1227

For the ultimate DATA LOSS PREVENTION (DLP), companies need to understand and accept two important facts before they can solve the problem:

First they need to find a way (a technology) to protect the data on the data level (protect the King, not the Castle!!!). Second they need to enable this data-level protection with biometrics so they can control which actual user is accessing the data or gets rejected. So far most users log on with a login and password, and any intruder can easily steal the password and "become" his co-worker. There is no control and no proof of who the actual user was who accessed the data!

I would like to invite you to view some educational information about the ultimate Data Loss Prevention, entirely integrated into the well-known SAP ERP system with biometrics.

Learn about the Business Challenge (the Risk), the Technical Challenge (the Compliance) and the technology solution for the ultimate Data Loss Prevention: www.DLP4SAP.com

This is the only way to truly protect any IT system!
Posted @ Wednesday, October 28, 2009 4:01 PM by Thomas Neudenberger / realtime