Two-factor authentication for banking and financial institutions' employees
To mitigate the insider threat and external attacks in banking, two-factor authentication (2FA) and access restrictions are vital security measures.
(Updated November 10, 2023)
Whether it's exploited users, careless behavior or outright malicious activity, UserLock helps banking and financial institutions better protect against both the insider threat and external attacks, ensuring only appropriate use of critical systems and sensitive data in a Windows Active Directory (AD) environment.
When we talk about cybercrime in the Banking & Financial sector we tend to focus on external threats, but often organization insiders are more likely to be the source of the cyberattack. In fact, you could say insider threats pose a greater risk than external threats as your employees already know where the company’s ‘crown jewels’ are. These crown jewels could include the assets that drive cash flows, competitive advantage and shareholder value.
Insiders tend to know what exactly resides on the networks and how to gain access to them for the purpose of theft, disclosure, destruction or indeed manipulation. For example, the leaking and disclosure of critical information could lead to the manipulation of share values. This is a far more effective means of profiting through cybercrime than traditional fraud techniques.
Some of the risks posed by insider threats in the financial sector include:
Undesired disclosure of confidential customer data – jeopardizing an organization’s most valuable relationship
Fraud
Loss of intellectual property
Disruption to critical infrastructure
Monetary loss
Regulatory
Destabilization, disruption and destruction of cyber assets of financial institutions
Embarrassment, Public Relations
This person will go to any length to gain access to the organization’s critical information, share the sensitive data they get their hands on and even put it to some other unscrupulous use such as insider trading. But malicious employees are the exception rather than the rule, and they are not the only insider threat.
Forrester research has shown that internal incidents cause roughly a quarter of breaches. Employees unwittingly share sensitive data or information that could fall into the wrong hands almost daily. Many employees also casually share passwords, giving out their ID as an apparent necessity or just to make their lives easier, without knowing why it might cause a security breach.
The use of compromised internal credentials (an exploited user) is the most common threat action in data breaches. So almost every external attacker will eventually look like an insider, for the simple fact that they're now in the system. It’s much easier to steal a trusted insider's credentials and bypass traditional cybersecurity controls.
External attacks are public enemy number one to IT teams since they consistently represent the lion’s share of data breach attempts.
Before you can stop an attack however, you need to detect one. Detection can happen anywhere from the point of intrusion all the way to the point of data access. Whilst this means there is ‘potential’ to detect an attack, it often means that you don’t find out until after data has already been breached!
To stop an attacker, you need to take away the most precious attack asset: the ability to log on with compromised credentials. Logons are a key component of an attack, without which an attack would be limited to the single endpoint that was the victim of a phishing email or malware-laden website. By eliminating their ability to log on remotely, you effectively kill any lateral movement and, therefore, the attack.
UserLock is a comprehensive enterprise solution that empowers banking and financial institutions with two-factor authentication (2FA) and contextual access restrictions. It helps stop inappropriate and unwanted logons that stem from insider threats and external attacks.
Installed on your own on-premise environment for maximum security, UserLock works seamlessly alongside your existing Active Directory infrastructure. Integration is easy, and UserLock doesn't modify your AD accounts, structure or schema.
IT can choose between multiple MFA methods, such as push notifications, authenticator applications or programmable hardware keys or tokens, to generate a time-based one-time password (TOTP) for strong 2FA. Using a smartphone as a secure token frees employees from carrying a dedicated token device. Since the codes are generated and displayed on the same device, it removes the chance of hacker interception and means users can even authenticate offline. Many financial organizations find this is the best balance of security, usability, and cost available today.
With contextual access restrictions in place, administrators can confidently customize granular 2FA controls that avoid prompting the user for a second authentication each and every time they log in. Contextual factors include location, machine, time, session type and the number of concurrent sessions.
Shared logins open the door to fraud. Banks need to eliminate the opportunity for fraud resulting from users sharing logins. It’s vital to ensure that employees are limited to using only their own personal login information.
Many employees casually share passwords as an apparent necessity or just to make their lives easier, without any idea that it might cause a security breach. Shared passwords allow rogue users to easily move within an organization’s network once credentials are compromised.
Despite increased education and user security awareness, employees continue to share credentials, since there's no consequence for their own network access.
Native security controls in Windows Networks are not enough since they don’t limit or prevent concurrent logins. With 2FA and the ability to stop concurrent logins, UserLock helps prevent employees from sharing passwords.
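To make the concurrent-login signal concrete, here is an added example (not UserLock code and not from the original page) that replays session events and flags any account with sessions open on more than one machine at once, a common indicator of a shared or compromised login. The event format, account names and workstation names are constructed for illustration.

```python
from datetime import datetime

# Constructed sample session events (not real logs): time, user, workstation, action.
EVENTS = """\
2023-11-10T08:58:00 alice WKS-014 logon
2023-11-10T09:02:00 bob WKS-021 logon
2023-11-10T09:40:00 alice BRANCH-07 logon
2023-11-10T12:05:00 bob WKS-021 logoff
2023-11-10T12:10:00 bob WKS-033 logon
2023-11-10T12:30:00 alice WKS-014 logoff
2023-11-10T17:00:00 alice BRANCH-07 logoff
"""

def parse(text):
    """Return (timestamp, user, host, action) tuples in chronological order."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, host, action = line.split()
        # Account names are case-insensitive in AD, so normalise before comparing.
        rows.append((datetime.fromisoformat(ts), user.lower(), host, action))
    return sorted(rows)

def concurrent_sessions(events, limit=1):
    """Alert on each logon that leaves a user with more than `limit` open hosts."""
    open_hosts = {}  # user -> {host: time the session was opened}
    alerts = []
    for ts, user, host, action in events:
        hosts = open_hosts.setdefault(user, {})
        if action == "logon":
            hosts.setdefault(host, ts)
            if len(hosts) > limit:
                alerts.append((ts, user, sorted(hosts)))
        elif action == "logoff":
            hosts.pop(host, None)  # tolerate a logoff whose logon was never seen
    return alerts

if __name__ == "__main__":
    for ts, user, hosts in concurrent_sessions(parse(EVENTS)):
        print(f"{ts.isoformat()} {user}: sessions open on {', '.join(hosts)}")
```

In the constructed data, bob moving from one workstation to another after logging off raises nothing, while alice's second logon from a different machine while her first session is still open is flagged.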

Recognize improper user access and respond to risky behavior or access attempts from someone other than the legitimate user
Real-time monitoring provides visibility into what users are doing and the ability to take appropriate security measures to alleviate IT security threats.
This immediate and remote response to suspicious, disruptive or unusual login connections should be an integral part of any organization’s security policy and risk mitigation strategy.

With UserLock, financial organizations have the ability to control, identify, search, report on and archive user access to help secure sensitive and regulated information, prevent data leaks and comply with regulations on access control and data handling.
By centralizing and archiving all access events, UserLock can also offer detailed and accurate insights to support IT forensics, auditing, and regulatory compliance.

Employees need to understand what security policies and procedures are, why they exist and what security measures are used on the network. Informed employees are an important line of defense.
UserLock supports IT’s efforts to communicate consistent and clear security policies and controls through its notification system. With UserLock, IT can choose to notify all users prior to granting access to a system with customized messages that increase user security awareness and educate about insider threats. This can also include warning users about any access denials on their account.
What’s more, messages about legal and contractual implications can discourage employees from committing cybercrime or lashing out at the organization for a perceived injustice.
