


Monitoring Insider Behavior to Catch Intruders

By Hagai Schaffer, VP Marketing and Product Management, Bottomline Technologies Cyber Fraud and Risk Management

Cyberattacks are topping the news and becoming more of a threat as they grow more sophisticated and costly.

The cost of data breaches will increase to $2.1 trillion globally by 2019, almost four times the estimated cost of breaches in 2015, according to research conducted by Juniper. A PwC survey found that the cost of security incidents jumped 24% and the number of financial firms reporting losses of $10m to $19.9m increased by a hefty 141% from 2013 to 2014.

Most organizations today maintain a perimeter-centric defense strategy for protecting their most valuable assets. They build numerous walls and fortifications, but cyber threats evolve continuously, limiting the effectiveness of these defenses at preventing a data breach.

Hackers Impersonating Employees

Sophisticated intruders are continually upgrading their capabilities and the means they use to penetrate organizations. Often they use employees’ credentials to access applications and data inside corporate networks. Many hackers succeed by gaining access to employee account information, which they then use to transfer funds or commit other types of fraud without being detected.

For example, last February Kaspersky revealed that an international criminal syndicate was able to successfully impersonate bank officers at over 100 banks around the world to net as much as $900 million in stolen funds. Chinese hackers have stolen the personal data of at least 4 million current and former US government employees, and the concern is that the stolen information could be used to impersonate federal employees to obtain sensitive data.

Detecting employee accounts that are compromised

Normal online behavior can be characterized by monitoring which screens and functions are accessed, and for how long, while employees perform their typical job functions. The resulting profiles can be used as a baseline to identify online behavior that is suspicious. The more data that is collected and analyzed for different types of entities, such as employees, customers, suppliers and accounts, the more likely it is that fraud can be detected and maybe even prevented before financial damages are incurred.

Certain types of online behavior can indicate that a hacker is impersonating an employee. Some of the simplest observations can raise a red flag, for example if a user logs in from a different IP address than is customary, or a user ID is used to access a corporate application when the employee is scheduled as being on vacation or has called in sick.

The way employees use applications can also indicate fraudulent activity. Employees who access an application using an unexpected device, spend an unusually long or short time accessing screens, navigate screens in unusual ways, access applications that are not typical for their job function, or perform an excessive number of name searches and screen prints may be up to something.
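The baseline-and-deviation checks described above can be sketched as follows. This is an added example, not code from the author or from any Bottomline product; the event fields, flag names, thresholds and sample data are all assumptions constructed for illustration, and screen navigation order is not modeled.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data: (user, source_ip, device, application, screen_seconds, name_searches)
HISTORY = [
    ("alice", "10.0.1.15", "WS-114", "payments", 42, 3),
    ("alice", "10.0.1.15", "WS-114", "payments", 38, 5),
    ("alice", "10.0.1.15", "WS-114", "crm", 45, 4),
    ("alice", "10.0.1.15", "WS-114", "payments", 35, 4),
]
ON_LEAVE = {"bob"}  # constructed stand-in for an HR vacation/sick-leave feed

def build_baseline(history):
    """Collect each user's customary IPs, devices, applications and activity levels."""
    base = defaultdict(lambda: {"ip": set(), "device": set(), "app": set(),
                                "dwell": [], "searches": []})
    for user, ip, device, app, dwell, searches in history:
        profile = base[user]
        profile["ip"].add(ip)
        profile["device"].add(device)
        profile["app"].add(app)
        profile["dwell"].append(dwell)
        profile["searches"].append(searches)
    return dict(base)

def z_score(value, samples, min_sigma):
    """Distance from the user's mean in standard deviations, with a floor on sigma."""
    return (value - mean(samples)) / max(pstdev(samples), min_sigma)

def score_session(baseline, on_leave, session, limit=3.0):
    """Return the list of red flags raised by one session."""
    user, ip, device, app, dwell, searches = session
    flags = ["active_while_on_leave"] if user in on_leave else []
    profile = baseline.get(user)
    if profile is None:
        return flags + ["no_baseline"]
    if ip not in profile["ip"]:
        flags.append("unusual_ip")
    if device not in profile["device"]:
        flags.append("unexpected_device")
    if app not in profile["app"]:
        flags.append("atypical_application")
    if abs(z_score(dwell, profile["dwell"], 5.0)) > limit:   # too long or too short
        flags.append("unusual_screen_time")
    if z_score(searches, profile["searches"], 1.0) > limit:  # only excess is suspicious
        flags.append("excessive_name_searches")
    return flags
```

The floor on sigma keeps a user with very uniform history from being flagged for trivial variation; a session that raises several flags at once is a stronger signal than any single one.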

Hackers will continue to create new methods for taking over employee accounts and committing fraud. However, by monitoring employee online behavior, suspicious activity can be identified earlier in the process, keeping the organization’s assets and reputation intact. Proactively capturing and analyzing employee online behavior across departments and correlating it with data anomalies can be the key to preventing fraud.
