Endpoint Privilege Management Archives - ARCON https://arconnet.com/category/endpoint-privilege-management/ Fri, 09 Feb 2024 05:38:55 +0000

3 Incidents that Could Have Been Averted with ARCON | EPM https://arconnet.com/blog/3-incidents-that-could-have-been-averted-with-arcon-epm/ Sat, 17 Jun 2023 06:21:14 +0000

Holistic endpoint security management is an absolute must for data-centric security. It helps to maintain a firm grip on sensitive data. In our previous blog, we recommended some of the best practices in endpoint security. In this blog, we highlight what could happen if organizations show a lackadaisical attitude towards endpoint security. Three infamous IT incidents have been identified where ARCON | EPM (Endpoint Privilege Management) could have prevented data misuse with the help of its robust security features.

Incident 1 – No Data Loss Prevention mechanism

In January 2021, four in-house lawyers of a renowned law firm in Pennsylvania siphoned off some of the organization’s secret files and illegally deleted its emails. The data included many legal records, correspondence, confidential firm records, and multiple client databases. Adding to the woes, after the malicious act, the attorneys double erased all the emails to ensure that no evidence of the act would remain for any future investigation. The culprits stealthily used an unauthorized USB device, and their malicious actions remained unnoticed. After this incident, the organization lost its competitive advantage in the market.

This untoward incident could have been prevented by ARCON | EPM through its data exfiltration prevention capabilities. The “Data Loss Prevention (DLP)” feature of ARCON | EPM helps organizations mitigate data security vulnerabilities by restricting removable devices of any kind, including mobiles, USBs, or external hard drives, from accessing any data asset from any system at any point of time. Even if someone tries to transfer data via Bluetooth, EPM prevents that as well, because mobile Bluetooth connections and Bluetooth transfers are restricted with ARCON’s DLP feature. Hence, there are no chances of data misuse.

Incident 2 – Absence of User Behaviour Analytics

At the end of 2021, around the month of November, a former employee of the South Georgia Medical Center downloaded multiple sensitive files from the medical center’s systems to his personal USB drive the day after quitting the organization. Along with personal data, the files included patients’ test results, names, birth records etc. This is an ideal example of a compromised insider with malicious intent. There was no mechanism to monitor and analyze the behaviour and activities of users who frequently access critical data repositories for various purposes. As a result, the medical center had to provide services including free credit monitoring and identity restoration to all the patients who suffered this unprecedented data breach.

Had the ARCON | EPM solution been deployed by the organization, the malicious insider would have been caught before any data theft incident. The “User Behaviour Analytics” feature of the EPM solution detects anomalous behaviour profiles in the network in real time and immediately generates risk-based scores for each user with the help of Machine Learning (ML) algorithms. Based on these scores, the Risk Manager analyzes and takes crucial decisions about whose access permissions to continue and whose to deny.

Incident 3 – Absence of File Integrity Monitoring

In the months of March and April 2021, the department of police in one of the cities from the state of Texas suffered massive data loss as one of its employees deleted 8.7 million critical files (approx. 23TB of data) by mistake. These files included crucial evidence of many criminal cases in video, photos, audio, case notes, and other items the police department collected. It resulted in slowing down the process of prosecutions impacting around 17,500 cases with the County District Attorney’s Office.

This is an ideal instance where a government department faced an IT disaster though there were no malicious or fraudulent activities. The employee was unable to manage and verify the existence of the files before deleting them and there were no backups. There was no mechanism to ensure the security, integrity, and confidentiality of data assets of the said Police Department. 

The ARCON | EPM solution could have averted the disaster with the help of its “File Integrity Monitoring (FIM)” feature. FIM keeps checking for and identifying any modifications or changes made to any file or directory. It continuously monitors critical system files and configuration files/folders to detect unauthorized changes made by end users, whether intentionally, accidentally or for some other purpose. Once ARCON’s FIM detects any sudden unauthorized changes, it sends instant alerts to the IT administrator, who investigates and takes prompt action. FIM helps IT security teams maintain an organization’s compliance policy.

Conclusion

ARCON | Endpoint Privilege Management (EPM) solution addresses the endpoint security challenges with the help of a robust security layer around endpoints. It detects risky behaviour profiles, prevents data exfiltration, and identifies any sudden unauthorized changes made to any files/ folders.

High-Tech Spying: How to circumvent this threat? https://arconnet.com/blog/high-tech-spying-how-to-circumvent-this-threat/ Fri, 12 Feb 2021 12:27:53 +0000

Overview

Cyber espionage is the nefarious act of carrying out one or more attacks on systems that allow an unauthorized user or users to secretly view sensitive information without the knowledge of the owner. The major objective of such activities is to acquire the intellectual property of corporates or sensitive data belonging to government organizations.

Typically, these attacks are subtle in nature as there is ‘no visible harm’ to the victim, though non-stop spying on the business secrets is a serious breach of conduct and the impact is very damaging. The consequences of cyber espionage can be grave with loss of competitive advantage as business-critical data, strategic blueprints or government secrets no longer remain ‘secret’ as they are supposed to be. The malefactors in this act are motivated by greed and make unexpected profit by misusing the information assets.

A couple of years ago, a 12-year cyber-espionage incident came to light in which hackers from one suspected nation from Asia were eavesdropping on different Government agencies and firms of other nations to sabotage their regular IT operations for an indefinite period.

Who are the targets?

The stolen information is used by rival companies or nation states. Sometimes, it is even sold to the highest bidder or on the dark web. There are two conventional targets for cyber espionage:

  • Governments: Government organizations possess the most sensitive information of a country. Most of the Government organizations are increasingly getting digitized. With the incorporation of new technologies, the work processes have turned time-saving and most case-sensitive data are stored digitally. This has prompted cyber crooks to take unauthorized possession of the data.
  • Corporates: Global businesses are continuously at risk from cyber espionage. The spies are lurking in every sphere of possible data sources to covertly access information that can badly affect the victim – by damaging the brand reputation and business trust. Corporates from every possible industry have become more or less victims of espionage.

Forms of Cyber Espionage:

Two major or common forms of cyber espionage are –

  • Spear phishing/ Phishing: Among all, this is the most attempted form of this crime. Common phishing is quantitative in nature, whereas spear-phishing is more qualitative and target-oriented. This target can be geography, industry or even a specific piece of data. It requires lots of research about the potential victim.
  • Malvertising: Sometimes, cyber criminals use malicious advertising strategies to compromise data. They misuse the medium of online advertising to snag the target. These advertisements are convincing enough that the victim does not suspect any malicious intention behind them. Once clicked, the victim is immediately routed to the hostile server for the rest of the attack.

How to Prevent?

Threats like cyber espionage can remain undetected in a particular network for months. Eventually, when the criminal gang is busted, enterprises by then suffer huge losses. There are some easy and advisable precautionary IT security measures to stop cyber espionage at the roots.

  • Endpoint Security: Today most of the spying incidents happen due to unmanaged and unmonitored endpoints. Secure endpoint management helps mitigate targeted attacks including malware and ransomware threats.
  • Rule and Role-based access: With the help of advanced security tools like Privileged Access Management (PAM) and User Behaviour Analytics (UBA), restricting users on the basis of the authentication process can deter suspicious activities. As critical data assets are consistently under threat of misuse from malicious corporate elements, organizations need to strengthen security with rule and role-based access.
  • Robust Password Management: Breaking through a password is the only way to access every confidential data file. Hence, enterprises should always ensure randomization and rotation of passwords to put an end to unauthorized data access.
  • Segregation of database: There is a saying, “Don’t put all your eggs in one basket”. Similarly, enterprises should ensure proper and multiple segregation of data, which can minimize the risks to a large extent. A single database would simply make the job of a data spy easy.
  • Monitoring user behaviour: Lastly, seamless monitoring of every user’s behaviour is the ultra-modern way to assess IT risks. Any kind of unconventional behaviour from insiders, third-party users, partners, external auditors, MSPs or even ex-employees should be detected and flagged to the administrators on time. AI/ML-based User Behaviour Analytics (UBA) tools are in high demand today to deter cyber espionage.

Conclusion

Cyber espionage is rising. This threat, if not taken seriously on time, can put business processes and progress at ransom. Training the employees and spreading awareness about cautious IT behaviour can largely reduce the risks associated with cyber espionage.

How can cyber security boost the economy? https://arconnet.com/how-can-cyber-security-boost-the-economy/ Wed, 18 Nov 2020 14:05:32 +0000

The financial sector in Bangladesh is evolving faster than ever. The economy is one of the fastest growing in 2020. Cybersecurity has become very important as the country’s pace of digitalisation has made it necessary to secure information assets. A compromise of credentials, or illegitimate access to privileged accounts, can inflict heavy financial losses (data breach) on organizations, which could have strong repercussions on the economy. Therefore the economic well-being of any country is directly proportional to cyber security preparedness.

ARCON has been a well-known brand in the country for the last three years, with some of the big names from the BFSI segment deploying our enterprise-class solutions. Due to the pandemic and ongoing travel restrictions, ARCON could not hold its annual security conference. However, ARCON along with its local partner conducted an exclusive webinar targeting some of the well-known organizations in the nation. The idea was to highlight how robust cybersecurity can boost an economy.

Indeed, cyber crime/incidents can have an alarming impact on the global economy. In the Indian subcontinent, almost $215 billion was lost in 2018, which is almost 1.3% of the entire GDP of Southeast Asia. By now, it would have soared beyond imagination. It is estimated that by 2021, cyber crime will cost the world in excess of $6 trillion annually.

To discuss this situation, ARCON, in an exclusive webinar organized by its partner on 10th November 2020, delivered the views on “Cybersecurity: An Economy Booster”. Mr. Yahya Khan represented ARCON in the webinar and he vividly explained how ARCON solutions are reinforcing adequate security measures for large and mid-scale enterprises to manage and control information security. The broader agenda of the session included:

  • How should we secure human access to enterprise digital assets
  • How should we manage and control the privileged accounts of an enterprise
  • How should we mitigate threats arising from unmonitored endpoints
  • How should we ensure a robust access control system in the enterprise network

To start the session, Mr. Khan drew a simple analogy of ‘Who watches the Watchman’, as in most cases people have the prima facie view of ARCON solutions as just a cybersecurity solution. However, the pattern of cyber threats has come a long way and ARCON opines that IT operations are no longer safe with just risk-preventive solutions. Instead, the risks need to be predicted well in advance. Some of the key takeaways from the session are as follows:

  • The access control mechanism is complicated for any organization. IT infra includes operating systems, network, databases, critical devices and business applications. Absence of policies around people and policies could create IT chaos resulting in data breach. ARCON | PAM with the help of granular control features over admins and privileged users protects the systems and applications from unauthorized access and unintentional errors. It controls the privileged users seamlessly with a rule and role-based centralized policy.
  • With Single-Sign-On (SSO) of ARCON | PAM, the IT security team can have one-time administrative access to a different category of systems and devices without entering the login credentials. In a larger IT infrastructure, the challenges of multiple administrators, multiple user-ids, multiple passwords and multiple accesses are resolved by SSO feature.
  • Regarding managing the privileged passwords, organizations stumble a lot while storing the passwords manually. ARCON | PAM with its robust password vault helps organizations to store passwords in a highly secure electronic vault. Above all, this engine frequently rotates and randomizes the dynamic passwords to prevent any unauthorized access in the critical systems.
  • Today, organizations are in dire need of monitoring the day to day IT activities seamlessly. ARCON | PAM with its real-time session monitoring helps organizations to detect and identify any suspicious elements in the network and flags them immediately to the administrator. In addition, the overall activities can be reviewed in a live dashboard which helps the risk management team to spot the anomaly with ease.
  • Regular IT audits have become a must in most organizations today. Based on the user activity reports, the organizations take crucial steps to ensure end-to-end security in the IT ecosystem. ARCON | PAM offers a provision for generating detailed reports of all the activities done by the users on a given date and time. This report is even customizable as per the role of the users, department and predefined time.
  • Very often organizations manage the passwords of business-critical applications through a single terminal in the IT infrastructure. ARCON’s App to App Password Management is an automated password change process which helps to manage and synchronize the entire process with the required details of the servers, the IP addresses and thereby prevents cyber disruptions.
  • Misuse of the endpoint privileges is one of the biggest sources of data theft. Poor endpoint management leads to both data theft and ambiguity over access to business-critical applications. ARCON | Endpoint Privilege Management (EPM) bridges the security gap between unmanaged endpoints and IT administrators in an enterprise network by allowing endpoint privileges to the authorized users exclusively. It even helps the risk management team to segment the users based on their roles and responsibilities.
  • Today Work From Home (WFH) practice has propelled the urgency to implement secure remote accesses to business-critical applications and systems globally. Organizations require a robust IT security mechanism to manage, control, monitor remote access and the IT risk management team is more agile in establishing trustworthiness. helps the administrators to provide safe and seamless desktop support for the employees working remotely.
  • Lastly, ARCON | PAM is the epitome of administrative ease when it comes to managing privileged accounts in organizations’ network periphery. Factors like high performance, high scalability, secure elevation, one admin console for admin access and a smooth deployment process offer a competitive advantage to ARCON.

Before drawing the conclusion, Mr. Khan answered all the questions asked by the attendees related to the features of ARCON | PAM solution. The ease of deployment and administrative ease, security benefits, and the value for money were discussed with lucidity. Considering the economic growth and fast pace of digitalisation, Bangladesh even in this pandemic scenario, is allocating a handsome budget for secure IT infrastructure. This exclusive webinar emphasized the importance of robust cybersecurity controls to boost the economy.

ARCON is a leading enterprise risk control solutions provider, specializing in risk-predictive technologies. ARCON | User Behaviour Analytics enables monitoring of end-user activities in real time. ARCON | Privileged Access Management reinforces access control and mitigates data breach threats. ARCON | Secure Compliance Management is a vulnerability assessment tool.
