IDM and a false sense of security – case study by our CTO

I recount a case from one of my previous CISO positions, at a bank network with 1000+ employees. A serious exploit was experienced in the branch network, affecting certain accounts’ balance data. During the tedious and complex investigation, my team and I discovered that a member of our workforce was able to carry out the exploit because he had authorization (originally only required for a selected few back-office experts) that could be used to modify account balances. A shocking revelation of our investigation was that actually all of the bank branch employees had this exact privilege. The full exploration and cleaning of authorizations and user roles that followed our examination was a laborious and difficult process, as at that time, there were no integrated and automated platforms for crawling this type of internal user data.

Even if your company has some kind of IDM system in place, it is highly likely that your overall cybersecurity is still far from robust. The reason is simple: in every business's day-to-day life there are routine events such as:

  • Employees joining and leaving
  • Changes and reassignments of jobs
  • Substitutions
  • Long-term absences
  • Remote work
  • Transitional and project tasks

These everyday events are precisely the root causes of the uncontrolled accumulation of user privileges and software licences, also called privilege creep, which you should avoid at all costs. Most of the time, IDM systems are blind to unnecessary, excessive, or incompatible user privileges, and even to so-called “technical users”.

[Image: Chief information security officer at work. Working on strengthening cybersecurity day and night!]

Chief information security officers need to be proactive in defending their organizations from cyber threats. A good place to start is by having a data security policy in place that outlines the procedures and protocols to be followed in order to protect data and systems. This should include password protection, the use of encryption, and the implementation of up-to-date firewalls and antivirus software. Additionally, CISOs should be aware of the current threat landscape, regularly monitor activity on their network, and respond to any potential risks. CISOs should also review any third-party software they use and ensure any vendors they do business with have secure systems in place. Finally, CISOs should consider investing in a user access review solution to protect their organization’s data, as well as training their staff on the latest cyber threats and security protocols.
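The post argues that an IDM system alone does not surface privilege creep, and that a user access review is what catches it. The following script is an added example (not TheFence's code and not from the case study) that shows the kind of checks such a review performs. It runs over a constructed entitlement export: accounts, departments, join/leave status, last login and assigned entitlements. The policy it applies is hypothetical: a sensitive entitlement (MODIFY_ACCOUNT_BALANCE) owned only by the back-office, a maker/checker separation-of-duties rule, a per-department baseline of expected entitlements, and a 90-day dormancy threshold. The checks correspond to the risk events listed above: leavers still enabled, long absences, sensitive rights held outside their owner group (the case study's branch employees), incompatible privilege combinations, and residual rights outside the holder's current job.

```python
"""Minimal user access review over a constructed entitlement export (example code, not a product)."""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Account:
    user: str
    department: str
    status: str            # "active" or "left"
    last_login: date
    entitlements: frozenset


# --- Hypothetical policy (assumptions for this example) --------------------
# Which departments are allowed to hold a sensitive entitlement at all.
SENSITIVE_OWNERS = {"MODIFY_ACCOUNT_BALANCE": {"back-office"}}
# Entitlement combinations one person must never hold together (separation of duties).
SOD_CONFLICTS = [({"CREATE_PAYMENT", "APPROVE_PAYMENT"}, "payment maker/checker")]
# What each department is expected to have; anything else is residual or excess.
DEPARTMENT_BASELINE = {
    "branch": {"VIEW_ACCOUNT", "CREATE_PAYMENT"},
    "back-office": {"VIEW_ACCOUNT", "MODIFY_ACCOUNT_BALANCE", "APPROVE_PAYMENT"},
    "it": {"VIEW_ACCOUNT", "ADMIN_CONSOLE"},
}
DORMANT_DAYS = 90          # long-term absence threshold

# --- Constructed sample export (not real data) ------------------------------
REVIEW_DATE = date(2024, 6, 1)
SAMPLE_ACCOUNTS = [
    Account("alice", "branch", "active", date(2024, 5, 30),
            frozenset({"VIEW_ACCOUNT", "CREATE_PAYMENT", "MODIFY_ACCOUNT_BALANCE"})),
    Account("bob", "branch", "active", date(2024, 5, 29),
            frozenset({"VIEW_ACCOUNT", "CREATE_PAYMENT", "APPROVE_PAYMENT"})),
    Account("carol", "back-office", "active", date(2024, 5, 31),
            frozenset({"VIEW_ACCOUNT", "MODIFY_ACCOUNT_BALANCE"})),
    Account("dave", "it", "active", date(2024, 1, 15),
            frozenset({"VIEW_ACCOUNT", "ADMIN_CONSOLE"})),
    Account("erin", "branch", "left", date(2024, 4, 2),
            frozenset({"VIEW_ACCOUNT", "CREATE_PAYMENT", "MODIFY_ACCOUNT_BALANCE"})),
    # A technical (service) user that quietly picked up a sensitive right.
    Account("svc_batch", "it", "active", date(2024, 5, 31),
            frozenset({"MODIFY_ACCOUNT_BALANCE"})),
]


def review(accounts, today):
    """Return (user, finding, detail) tuples for every policy deviation found."""
    findings = []
    for a in accounts:
        # Joiner/mover/leaver hygiene: leavers must be disabled, long absences reviewed.
        if a.status == "left":
            findings.append((a.user, "LEAVER_STILL_ENABLED", ""))
        elif (today - a.last_login).days > DORMANT_DAYS:
            findings.append((a.user, "DORMANT_ACCOUNT", str((today - a.last_login).days)))

        # Sensitive entitlement held by someone outside its owner group.
        flagged = set()
        for ent, owners in SENSITIVE_OWNERS.items():
            if ent in a.entitlements and a.department not in owners:
                findings.append((a.user, "SENSITIVE_OUTSIDE_OWNER_GROUP", ent))
                flagged.add(ent)

        # Incompatible privileges (separation of duties).
        for combo, rule in SOD_CONFLICTS:
            if combo <= a.entitlements:
                findings.append((a.user, "SOD_CONFLICT", rule))

        # Residual rights that the current job does not justify (not already flagged above).
        baseline = DEPARTMENT_BASELINE.get(a.department, set())
        for ent in sorted(a.entitlements - baseline - flagged):
            findings.append((a.user, "OUTSIDE_DEPARTMENT_BASELINE", ent))
    return findings


def holders_by_department(accounts, entitlement):
    """Count who holds one entitlement per department: the 'how widespread is it?' view."""
    counts = {}
    for a in accounts:
        if entitlement in a.entitlements:
            counts[a.department] = counts.get(a.department, 0) + 1
    return counts


if __name__ == "__main__":
    for user, finding, detail in review(SAMPLE_ACCOUNTS, REVIEW_DATE):
        print(f"{user:10} {finding:30} {detail}")
    print("MODIFY_ACCOUNT_BALANCE holders:",
          holders_by_department(SAMPLE_ACCOUNTS, "MODIFY_ACCOUNT_BALANCE"))
```

The spread report is the check that would have shortened the investigation in the case study: a sensitive entitlement meant for a handful of back-office experts shows up with more holders in the branch network than in its owner department. The per-user findings are the recurring review that keeps the answer from drifting back after the next round of joiners, movers and substitutions.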

Time to face it: there is only one rational choice, automation, if you want to mitigate potential cyberattack vectors throughout your workforce. We can help you there, with TheFence!
