4 ways to defend against internal attacks


Upload: courion-corporation

Post on 14-Aug-2015


Category:

Technology



TRANSCRIPT

Page 1: 4 ways to defend against internal attacks

4 Ways to Defend Against Internal Attacks

Page 2: 4 ways to defend against internal attacks

Defend Within

GlobalAccountant.com posted that 1/3 of British accountants breach their company IT policies.

Over 40% knew about the policy and yet ignored it.

If 1/3 of your staff is breaching your IT policy, what can you do to defend within?

Page 3: 4 ways to defend against internal attacks

1. Role Based Access

Challenge:

You have hundreds, even thousands of users in your system. How can you provision everyone with the correct access in a timely fashion?

Answer:

Role Based Access, where you are given permission based on your role in the company but can still request access to other programs.

Page 4: 4 ways to defend against internal attacks

What is Role Based Access?

This is Joe, a new developer starting today.

When Joe goes to request access, how does he know which of the company’s applications to choose?

???

Page 5: 4 ways to defend against internal attacks

What is Role Based Access?

With Role Based Access, Joe will be led to the most relevant applications for his role, taking the guesswork out and preventing requests for excessive access or for programs he doesn’t need.

Page 6: 4 ways to defend against internal attacks

Why Role Based Access?

Approver saves time by only approving requests outside of the user’s role. This limits the rubber-stamping effect and gives better visibility into what is being approved.

User saves time by having his applications suggested for him rather than having to guess what he needs and possibly request access to critical systems he doesn’t need.

Company saves time and money with tighter security and fewer user accounts with privileged access.

Page 7: 4 ways to defend against internal attacks


2. Access Management

What three roles does every organization have in common?

1. Joiners

2. Movers

3. Leavers

Page 8: 4 ways to defend against internal attacks

Access Management

Joiners and Movers need to have access granted as soon as possible to enable them to do their jobs.

Leavers pose the largest threat to your system and need to have access shut off immediately.

“1 in 5 employees still have access to internal systems at their previous jobs” –SCMagazine.com

Page 9: 4 ways to defend against internal attacks

3. Segregation of Duties

Who wouldn’t love to set and approve their own budget?

What about submitting and approving your own purchase order?

Page 10: 4 ways to defend against internal attacks

Segregation of Duties

In order to uphold checks and balances, you need segregation of duties.

This will set permissions for your team and put up barriers to critical risks.

Page 11: 4 ways to defend against internal attacks

4. Real-Time Monitoring

Auditing is everyone’s least favorite time of the year.

However, if you only audit once a year, then you only see into your system once a year. What happens the other 11 months?

Page 12: 4 ways to defend against internal attacks


Real-Time Monitoring

Question:

If you had 4 new accounts come online in one week, all with privileged access, would you notice?

Page 13: 4 ways to defend against internal attacks

Real-Time Monitoring

With real-time monitoring capabilities in an intelligent IAM system, your system is continuously monitored and you are alerted when things look wrong.
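
The question asked on the Real-Time Monitoring slides (four new privileged accounts in one week), written as a check. This is an added example, not part of the original deck or of Courion's product; the event format, field names and sample records are constructed for illustration.

```python
from collections import deque
from datetime import datetime, timedelta

WINDOW = timedelta(days=7)   # "in one week"
THRESHOLD = 4                # "4 new accounts ... all with privileged access"

# Constructed sample of account-creation events (not real data).
# Assumed fields: ISO timestamp, account name, privileged flag.
SAMPLE_EVENTS = [
    ("2015-08-03T09:12:00", "jdoe", False),
    ("2015-08-03T14:40:00", "svc-backup", True),
    ("2015-08-05T08:01:00", "adm-tmp1", True),
    ("2015-08-06T22:17:00", "asmith", False),
    ("2015-08-07T02:33:00", "adm-tmp2", True),
    ("2015-08-09T11:05:00", "adm-tmp3", True),
    ("2015-08-20T10:00:00", "dba-new", True),
]


def privileged_bursts(events, window=WINDOW, threshold=THRESHOLD):
    """Return one alert per event that brings the number of new privileged
    accounts inside the trailing window to the threshold or above."""
    recent = deque()   # (timestamp, account) of privileged creations in window
    alerts = []
    for ts_text, account, privileged in sorted(events):
        if not privileged:
            continue   # only privileged account creations are counted
        ts = datetime.fromisoformat(ts_text)
        recent.append((ts, account))
        # Drop creations that have fallen out of the trailing window.
        while ts - recent[0][0] > window:
            recent.popleft()
        if len(recent) >= threshold:
            alerts.append({"at": ts_text, "accounts": [a for _, a in recent]})
    return alerts


if __name__ == "__main__":
    for alert in privileged_bursts(SAMPLE_EVENTS):
        print(f"ALERT {alert['at']}: {len(alert['accounts'])} new privileged "
              f"accounts within 7 days: {', '.join(alert['accounts'])}")
```

Run continuously against the directory's account-creation feed, the same window logic raises the alert on the day the fourth account appears rather than at the next annual audit.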

Page 14: 4 ways to defend against internal attacks

5. Build a Security Aware Culture

I know, I said 4 ways so this one is free.

By building a culture that is aware of the risks to themselves and the company, you expand your security team exponentially.

When your organization buys in to your security strategy, they become more aware of risks, take more precautions against them and become a new line of defense against attacks.

Page 15: 4 ways to defend against internal attacks


Are You Ready to Defend Within?

Are you currently monitoring these 4 breach risks?

Have you experienced one of these breaches?

Do you know what risks are currently in your system?

Let Courion help.

With a Quick Scan of your systems, we can show you where your critical risks lie and how to secure them.
