Privileged Access Management (PAM) is one of the most discussed area of today’s cyber security arena. With the increased number of alarming data breach scenarios worldwide, it is very obvious that PAM solution would shield the organizations from any threats arising from unmonitored accounts or poor access control system. Here is a brief account of few practices that could enrich Privileged Access Management (PAM) to the next best level of robustness.
Defying the enemy within
As the wave of digitization sweeps across the nation, it is terribly crucial for the organizations, irrespective of large or small, to take adequate security measures for protecting their huge amount of data generated every day from various sources. The CISOs, CTOs and CSOs are ceaselessly on their toes to curb the chances of any hack or data breach incident that might push them towards big irrevocable losses. This scenario of insider threats is considered to be one of the most sinister reasons for digital disaster.
Identification of Insider Threats
The implications of insider threats largely go to the administrators and other privileged users, who are commonly
We have been touring across the world since the beginning of the year, participating in several IT security events. While our main goal is to educate organizations–amid rising cybercrime– to reinforce their information systems by adapting to our risk-management solutions, we are also meeting with Chief Information officers (CIOs), Chief Information Security Officers (CISOs), and audit and compliance officers.
One-to-one meetings help us in understanding IT security needs. As an IT security provider, however, we must tell you that it is very heartening to find that organizations across all industries, have shown increased awareness towards cyber-security.
A $101 million bank heist, earlier this year, brought the issue of cybersecurity to the forefront once again. In a sophisticated operation, cybercriminals robbed the Central Bank of Bangladesh by getting hold of SWIFT (society for Worldwide Interbank Financial Telecommunication code), the access code for global cross-border payment messaging system.
More important, it wasn’t an isolated case. Even as the dust over Bangladesh bank incident had not settled, the global banking system was again taken aback. This time it was an Ecuador bank, which was hit by a $12 million cyber-heist. The modus operandi was same.
Andrew Dalglish, director of Circle Research, a UK based research firm recently said “The very people working in businesses can pose as the biggest threat to its security.” That’s a pretty huge statement to make come to think of it. Why would he say that when organizations across the world are taking the necessary precautions and spending billions on IT security? Well the answer to that is simple; most organizations are still focused on thoroughly securing their perimeter. Based on a survey by SpectorSoft, a pioneer in user activity monitoring and behavior analysis, a staggering 62% organizations saw a rise in insider attacks over 2014-2015. This means, although a majority of the organizations are aware of privileged access security and have security solutions in place, they have seen a rise in insider threats. Research firm Gartner has solved this mystery stating “Less than 5% of the organizations were tracking and reviewing privileged activity in 2015. The remaining are at best controlling access and logging when, where and by whom privileged access has taken place but not WHAT actually is done.”
Just as I went to collect my iPad this morning from the study room, something that was an integral part of my childhood grabbed my attention. This precious treasure was lying in one corner dusted and covered by a cloth which had torn. The treasure that I speak about was my best friend and is nothing else but the desktop computer that I used in the 90’s and early 2000’s. There was a time when for any important work or internet use, only one device could be used – the computer. Today if I want information on the internet, the last thing I use will probably be that desktop computer. And this is the same for most of us today.
Summary: How the Carbanak hacker’s group stole a billion dollars without getting caught and what we
learn from it.
The financial world and the security industry have been rocked by the recent report from Kaspersky about the cyber-criminals that have stolen more than $1 Billion from global banks through cyber-attacks. The initial reports link the attacks to a multinational criminal group, and highlight the use of sophisticated malware, dubbed Carbanak.