Insider Threat: Pattern Discovery in Regular Logins Across Different Machines
- Pavan Raja

- Apr 8, 2025
Summary:
This document describes a significant insider threat case at a UK insurance company, where individuals were logging into machines on the network without authorization. "Pattern Discovery" techniques revealed that when authorized personnel were unavailable, unrecognized substitutes were used to log into the organization's network. The finding highlighted potential unauthorized-access issues and a serious insider threat concern within the firm.
Details:
This document covers an insider threat case involving a large UK insurance company during a trial. The story centers on the discovery of a pattern: someone was regularly logging into two specific machines, which made no sense to the prospect or to their management company. The username behind this activity could not be found in the organization's phone book or among the individuals named in the contract with the outsourcing company. Further investigation revealed that when authorized personnel were unavailable (on holiday or sick), unrecognized substitutes were used to log into the network. This practice highlighted a potential insider threat and raised concerns about unauthorized access within the organization.
The major issue, which the insurance company found in its network using the "Pattern Discovery" method, allowed complete access to the network without the company ever knowing about it. This was the first time the issue had been discovered, and it likely would not have been identified otherwise. The document is tagged with terms such as insider, pattern, discovery, threatdetector, and threat.
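The cross-check described above, as an added example (not code from the original case or from any product): it flags usernames that are missing from a roster yet log in to the same machines on several days, then lists the roster users who were absent on exactly those days. The roster, usernames, machine names, dates and the three-day threshold are all constructed assumptions.

```python
from collections import defaultdict
from datetime import date

# Hypothetical roster: staff phone book plus the individuals named in the
# outsourcing contract (names are constructed for this example).
ROSTER = {"asmith", "bjones"}

def _d(n):
    return date(2025, 1, n)

# Constructed login events (day, username, machine); not data from the case.
EVENTS = (
    [(_d(n), "asmith", m) for n in (1, 2, 3, 7, 8) for m in ("srv-a", "srv-b")]
    + [(_d(n), "tmp01", m) for n in (4, 5, 6) for m in ("srv-a", "srv-b")]
    + [(_d(n), "bjones", "ws-12") for n in range(1, 9)]
    + [(_d(2), "guest", "ws-12")]
)

def recurring_unknown_logins(events, roster, min_days=3):
    """Map each user missing from the roster to the machines they logged
    into on at least min_days distinct days."""
    days = defaultdict(set)  # (user, machine) -> distinct login days
    for day, user, machine in events:
        if user.lower() not in roster:
            days[(user.lower(), machine)].add(day)
    found = defaultdict(list)
    for (user, machine), seen in days.items():
        if len(seen) >= min_days:
            found[user].append(machine)
    return {user: sorted(machines) for user, machines in found.items()}

def absent_roster_users(events, roster, suspect):
    """Roster users who log in on other days but never on a day the suspect
    account was active: candidates for the person being covered for."""
    active = defaultdict(set)  # user -> days with at least one login
    for day, user, _ in events:
        active[user.lower()].add(day)
    return sorted(u for u in roster
                  if active[u] and not (active[u] & active[suspect]))

if __name__ == "__main__":
    for user, machines in recurring_unknown_logins(EVENTS, ROSTER).items():
        print(user, machines, "covering for:",
              absent_roster_users(EVENTS, ROSTER, user))
```

The one-off `guest` login stays below the threshold, so only the recurring account is reported; lowering `min_days` trades fewer misses for more noise.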
