Could Sage Have Acted More Sagely Before The Insider Breach?

Posted by Heather Howland on Aug 16, 2016 9:00:00 AM

This weekend, Sage Group sent out a warning to its customers about a data breach. According to the BBC, the breach exposed the personal details of employees at close to 300 companies in the UK and Ireland.

How did it happen?
According to a Sage statement, "We are investigating unauthorized access to customer information using an internal login." The access is said to have happened in recent weeks, which is what prompted the investigation.

While it remains to be seen what the fallout from this breach will be, the loss of personal or confidential data can damage a company's reputation and cause significant financial harm, as we have seen with other high-profile breaches in the recent past.

This underscores the need for organizations to take a closer look at how to prevent insider threats, including credential compromise, and how to reduce their internal risk.

It also highlights the timeliness of response and some of the challenges with current technologies. If Sage had been using a log-based User and Entity Behavior Analytics (UEBA) product for breach detection, they might have been able to detect the threat. Even so, such solutions are backward-looking, require 24x7 coverage and don't automatically respond when a possible threat is identified. As security resources are hard to find, it is likely that this company decided to forgo deploying a passive UEBA solution.

If, on the other hand, Sage had deployed a Behavioral Firewall, then when the 'internal login' credentials were used in the course of the breach, the Behavioral Firewall would not only have detected the abnormal usage of those credentials, it would also have forced the user to re-confirm their identity through Multi-Factor Authentication, thereby stopping the attack without any human intervention.

If you are interested in the requirements for developing a viable insider threat strategy and solution, you can read about the top three requirements in our recent Infosecisland article, where we also discuss some of the limitations of Next Gen Firewalls.

You can also learn more about the Preempt Behavioral Firewall and top use cases here.

Topics: Insider Threats, User and Entity Behavior Analytics, Credential Compromise