Whether it's exploited users, careless behavior or outright malicious activity, UserLock helps banking and financial institutions better protect against both the insider threat and external attacks, ensuring that critical systems and sensitive data in a Windows Active Directory environment are used only appropriately.
The Insider Threat
When we talk about cybercrime in the Banking & Financial Sector we tend to focus on external threats, but organizational insiders are often more likely to be the source of the cyberattack. In fact, you could say insider threats pose a greater risk than external threats, as your employees already know where the company’s ‘crown jewels’ are. These crown jewels could include the assets that drive cash flows, competitive advantage and shareholder value.
Insiders tend to know exactly what resides on the networks and how to gain access to it for the purpose of theft, disclosure, destruction or indeed manipulation. For example, the leaking and disclosure of critical information could lead to the manipulation of share values. This is a far more effective means of profiting through cybercrime than traditional fraud techniques.
Some of the risks posed by Insider Threats in the Financial Sector include:
- Undesired disclosure of confidential customer data – jeopardizing an organization’s most valuable relationship
- Loss of intellectual property
- Disruption to critical infrastructure
- Monetary loss
- Destabilization, disruption and destruction of cyber assets of financial institutions
- Embarrassment, Public Relations
Identifying the Insider Threat
That unhappy employee or rogue insider will go to any length to gain access to the organization’s critical information, share the sensitive data they get their hands on and even put it to some other unscrupulous use such as insider trading. But malicious employees are the exception rather than the rule, and they are not the only insider threat.
Ignorant users are also perilous. Forrester research has shown that the greatest volume of security breaches (36%) comes from employees inadvertently misusing data. They unwittingly share sensitive data or information that could fall into the wrong hands almost daily. Many employees also casually share passwords, giving out their ID as an apparent necessity or just to make their lives easier, without any idea of why it might cause a security breach.
Also keep in mind that almost every external attack eventually looks like an insider. The use of compromised internal credentials (an exploited user) is the most common threat action in data breaches. It’s much easier to steal a trusted insider’s credentials and bypass traditional cybersecurity controls.
External attacks are public enemy number one to IT teams as they consistently represent the lion’s share of data breach attempts. Before you can stop an attack, however, you need to detect one. Detection can happen anywhere from the point of intrusion all the way to the point of data access. Whilst this means there is ‘potential’ to detect an attack, it often means that you don’t find out until after data has already been breached!
To stop an attacker, you need to take away the most precious attack asset: the ability to log on with compromised credentials. Logons are a key component of an attack, without which an attack would be limited to the single endpoint that was the victim of a phishing email or malware-laden website. By eliminating their ability to log on remotely, you effectively kill any lateral movement and, therefore, the attack.
Two Factor Authentication for employees in the financial sector
UserLock is a unique enterprise solution that empowers banking and financial institutions with two-factor authentication (2FA) and contextual access restrictions. It helps stop inappropriate and unwanted logons that stem from insider threats and external attacks.
Installed on your own on-premise environment for maximum security, UserLock works seamlessly alongside your existing Active Directory infrastructure. No modifications are made to accounts, structure or schema.
- UserLock leverages authenticator applications or programmable hardware tokens to generate a time-based one-time password (TOTP) for strong two-factor authentication.
- Using a smartphone as a secure token frees employees from carrying a dedicated token device. Since the codes are generated and displayed on the same device, it removes the chance of hacker interception and means users can even authenticate offline. This is the best balance of security, usability, and cost available today.
- With contextual restrictions in place, administrators can be confident in customizing 2FA controls that avoid prompting the user for a second authentication each and every time they log in. Contextual factors include location, machine, time, session type and the number of concurrent sessions.
→ Eliminate the opportunity for fraud from employees sharing logins
Banks need to eliminate the opportunity for fraud resulting from users sharing logins. It’s vital to ensure that employees are limited to using only their own personal login information.
Many employees casually share passwords as an apparent necessity or just to make their lives easier, without any idea of why it might cause a security breach. Shared passwords allow rogue users to easily move within an organization’s network once credentials are compromised.
Despite increased education and user security awareness, employees continue to share credentials, as there is no consequence for their own network access. Native security controls in Windows networks are not enough, as they don’t limit or prevent concurrent logins. With 2FA and controls on concurrent logins, UserLock helps prevent employees from sharing passwords.
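The overlap that a concurrent-login control looks for can be shown on logon data, as an added example that is not UserLock's code or method and not part of the original page. It assumes logon (4624) and logoff (4634) events from the Windows Security log have already been collected and reduced to the tuple layout shown; the events, account names and workstation names are constructed.

```python
from collections import defaultdict

LOGON, LOGOFF = 4624, 4634          # Windows Security event IDs
INTERACTIVE_TYPES = {2, 10, 11}     # interactive, RemoteInteractive, cached interactive

# Constructed sample events (hypothetical accounts and hosts):
# (timestamp, event_id, account, workstation, logon_type, logon_id)
EVENTS = [
    ("2024-03-04T08:01:10", 4624, "teller01", "BR1-WS01", 2, "0x1a"),
    ("2024-03-04T08:05:42", 4624, "teller02", "BR1-WS02", 2, "0x2b"),
    ("2024-03-04T09:15:03", 4624, "teller01", "BR1-WS07", 2, "0x3c"),
    ("2024-03-04T09:20:00", 4624, "teller02", "FS01", 3, "0x4d"),
    ("2024-03-04T12:00:00", 4634, "teller02", "BR1-WS02", 2, "0x2b"),
    ("2024-03-04T12:30:00", 4624, "teller02", "BR1-WS03", 10, "0x5e"),
]


def find_concurrent_sessions(events):
    """Return one finding per interactive logon that overlaps an open
    session of the same account on a different workstation."""
    open_sessions = defaultdict(dict)   # account -> {(host, logon_id): start time}
    findings = []
    for ts, event_id, account, host, logon_type, logon_id in sorted(events):
        if logon_type not in INTERACTIVE_TYPES:
            continue                    # network/service logons are not desktop sessions
        account, host = account.lower(), host.upper()
        sessions = open_sessions[account]
        if event_id == LOGON:
            for (other_host, _), started in sessions.items():
                if other_host != host:
                    findings.append({"account": account, "new_host": host,
                                     "at": ts, "open_on": other_host,
                                     "open_since": started})
            sessions[(host, logon_id)] = ts
        elif event_id == LOGOFF:
            sessions.pop((host, logon_id), None)
    return findings


if __name__ == "__main__":
    for f in find_concurrent_sessions(EVENTS):
        print(f"{f['account']}: logon on {f['new_host']} at {f['at']} while "
              f"still logged on to {f['open_on']} since {f['open_since']}")
```

Only teller01 is reported: the second teller02 desktop session starts after the first was logged off, and the network logon to the file server is ignored.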
→ Recognize improper user access and respond to risky behavior or access attempts from someone other than the legitimate user
Real-time monitoring provides visibility into what users are doing and the ability to take appropriate security measures to alleviate IT security threats.
This immediate and remote response to suspicious, disruptive or unusual login connections should be an integral part of any organization’s security policy and risk mitigation strategy.
→ Ensure Compliance with mandates governing access control and data handling
With UserLock, financial organizations have the ability to control, identify, search, report and archive user access to help the bank secure sensitive and regulated information, prevent data leaks and comply with regulations on access control and data handling.
By centralizing and archiving all access events, UserLock can also offer detailed and accurate insights to support IT forensics, auditing, and regulatory compliance.
→ Raise User Security Awareness
Employees need to understand what security policies and procedures are, why they exist and what security measures are used on the network. Informed employees are an important line of defense.
UserLock supports IT’s effort to communicate consistent and clear security policies and controls through its notification system. UserLock allows an organization to notify all users prior to gaining access to a system with customized messages to increase user security awareness and educate about insider threats. This can include warning users about any access denials on their account.
What’s more, messages about legal and contractual implications can discourage employees from committing cybercrime or lashing out at the organization for a perceived injustice.
Case Studies in Banking & Financial Institutions
“With 60,000 users conducting financial transactions on a regular basis, we needed to eliminate risks and possible fraud resulting from improper user access. UserLock in fact does that and much more. It even helped us to identify and block employees who used robots to automate their tasks on several different workstations, putting both our bank’s and our customer’s data security at risk.”
“The most important capability is the ability to prevent concurrent logins and credential sharing between the users, especially at the Bank’s branches where users are responsible for financial transactions”
“Due to the nature of our organization as a bank it was a real headache to prevent users from sharing credentials or logging in to more than one workstation at a time. We used to manually check and monitor whether the login user was already logged in to another machine. With no GUI available all user access needed to be reviewed and monitored manually, making it incredibly time consuming to respond to any security incidents.”