Who Can You Really Trust?

Securonix blog post July 2016

In the wake of the recent HSBC banking scandal, in which two former employees are facing charges for rigging a multi-billion-dollar currency deal, I can’t help but wonder: what could have been done better to prevent this?

Mark Johnson, the Global Head of Foreign Exchange Trading, and former HSBC colleague Stuart Scott are alleged to have “defrauded clients and manipulated the foreign exchange market to benefit themselves and their bank.”

If they are found guilty, the ramifications for HSBC and the wider financial community could be earth-shattering. Just how could two trusted employees, holding such senior office, have gone rogue, seemingly unnoticed, for so long?

Now I don’t doubt for one second that HSBC do not have the sufficient protection in place when it comes to SIEM for monitoring events, Identity Access Management and Access Control. But that won’t offer much comfort to any organisation when two senior figures stand accused of abusing access to information that their positions of trust entitled them to. As soon as you grant someone access to your most sensitive information you then have to trust that they are not going to mishandle that information.

With a reliable User and Entity Behaviour Analytics solution, the events at HSBC could have largely been avoided. Monitoring user behaviour can add assurance where the Least Privilege Access model fails to account for those whom you trust the most.

Unlike SIEM, an enterprise behavioural analytics solution adds artificial intelligence and machine learning to the mix. Instead of setting static thresholds and parameters within which regular activity is assumed to be good, the artificial intelligence element learns what is regular versus irregular activity. That ability to map people to processes and job functions, as well as to understand machine activity, is what differentiates Behaviour Analytics from SIEM.

Behaviour Analytics tools such as SECURONIX could, for example, take a feed from BlueCoat that shows one of your users accessing a job/recruitment website. That alone might not be enough to cause much of a stir, as there could be many legitimate reasons, e.g. managers looking to fill a vacancy or HR looking for job description templates. When you factor in a feed from SharePoint that says the user has just downloaded the entire account list, you might begin to get suspicious. At the same time, Forcepoint DLP has just told SECURONIX that the same user has tried to save a file named “Account List” onto a USB drive and that it has blocked the action. SECURONIX now knows there is a potential threat and will flag this to the appropriate person to deal with a potential data exfiltration attempt.
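The multi-feed correlation described above can be sketched as follows. This is an added example, not SECURONIX code: the event fields, user names, weights, window and threshold are all constructed assumptions, and the fixed weights stand in for the learned behaviour model the post refers to.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, already normalised from three feeds
# (web proxy, SharePoint audit, DLP). Field names are hypothetical.
EVENTS = [
    {"ts": "2016-07-20T09:02:00", "user": "asmith", "signal": "job_site_visit"},
    {"ts": "2016-07-20T09:40:00", "user": "asmith", "signal": "bulk_download"},
    {"ts": "2016-07-20T09:47:00", "user": "asmith", "signal": "usb_copy_blocked"},
    {"ts": "2016-07-20T10:15:00", "user": "hr_jones", "signal": "job_site_visit"},
    {"ts": "2016-07-18T14:00:00", "user": "bwong", "signal": "bulk_download"},
    {"ts": "2016-07-20T16:30:00", "user": "bwong", "signal": "usb_copy_blocked"},
]

# Assumed weights: no single signal is enough to alert on its own.
WEIGHTS = {"job_site_visit": 10, "bulk_download": 40, "usb_copy_blocked": 50}
WINDOW = timedelta(hours=24)
ALERT_THRESHOLD = 80


def correlate(events, window=WINDOW, threshold=ALERT_THRESHOLD):
    """Return {user: (score, signals)} for users whose distinct signals
    inside any single time window add up to at least the threshold."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append((datetime.fromisoformat(e["ts"]), e["signal"]))

    alerts = {}
    for user, items in by_user.items():
        items.sort()
        best_score, best_signals = 0, []
        for i, (start, _) in enumerate(items):
            seen = {}  # each distinct signal is counted once per window
            for ts, sig in items[i:]:
                if ts - start > window:
                    break
                seen.setdefault(sig, WEIGHTS.get(sig, 0))
            score = sum(seen.values())
            if score > best_score:
                best_score, best_signals = score, sorted(seen)
        if best_score >= threshold:
            alerts[user] = (best_score, best_signals)
    return alerts


if __name__ == "__main__":
    print(correlate(EVENTS))
```

Only the user with all three signals inside one window is flagged; the lone job-site visit and the two signals spread more than a day apart stay below the threshold.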

By adding artificial intelligence and machine learning to your security armour, you are able to fully ensure that even trusted employees in senior positions are not beyond the remit of your organisation’s security strategy.

The BBC has reported that there were almost 6 million fraud and cyber crimes committed last year in England and Wales. According to the Office for National Statistics, there were two million computer misuse offences and 3.8 million fraud offences, most of which were related to bank account fraud. This may well be just the very tip of the iceberg, as this is the first time cyber crime statistics have been reported alongside other types of crime.

It is clear that organisations need to be alert for signs of insider attacks that may well have already breached their defences and react before significant damage can be caused. User and Entity Behaviour Analytics is one sure way to ensure that you have one eye on the people you trust the most.

Danny Maher
Chief Technology Officer
HANDD Business Solutions


To discuss SECURONIX or User and Entity Behaviour Analytics, contact us by telephone on +44 (0)845 643 4063, or visit our website: www.handd.co.uk.