Understanding the importance of StormEye’s SIEM and NAS System from the New York City credit union case
In an act of revenge for being fired from a New York City credit union, Juliana Barile, 35, accessed the computer system and deleted 21GB of its important information, including mortgage applications and other sensitive information maintained on a file server.
The New York City credit union had asked its outsourced information technology supplier several times to delete Juliana’s login account, but the supplier did not process the request immediately, which eventually led to this incident. After logging in to the system, Juliana deleted 21.3 GB of data, including 20,000 files and 3,500 folders, within 40 minutes. The majority of the deleted data was clients’ loan applications and related personal information. Ridiculously, some information about preventing ransomware attacks was also deleted.
From the above incident, it is obvious that mistakes in the company’s alerting system and backup system led to this tragedy. Indeed, incidents in which a company’s servers and digital assets are hacked or stolen by former employees occur occasionally, and this is a cyber threat. When it comes to protecting the company’s data, an ounce of prevention is better than a pound of cure. StormEye’s file storage solution (StormEye’s system) is an option for companies that want to save for a rainy day.
StormEye’s SIEM and NAS System
Let’s talk about StormEye’s system. It can record every employee’s logins for review. Every employee is given a separate login account; once they log in, the system sends the employee’s login information and login time to the system admin through email or SMS.
Going back to the Juliana case, if the New York City credit union had applied StormEye’s system, once Juliana logged in, the system would have regarded her account as suspicious and sent an alert message to the admin instantly.
Outsourcing a company’s information technology service has become common in recent years. However, the outsourcer cannot always handle urgent problems, such as employees’ accounts. Given this situation, the panel of StormEye’s system allows the admin to add or delete employee login accounts in order to manage the accounts of new and departed employees. This protects the company’s cybersecurity by lowering the chance that a departed employee accesses company data inappropriately.
Back to Juliana’s case, if her former company had applied StormEye’s system when she was fired, the system admin would have deleted her login account immediately, preventing her from logging in to the company’s system for any unethical behavior.
The alerting function of StormEye’s system is also significant for security: it can log all activities performed by a suspicious account on the system and block that account. For example, when an employee logs in to the system during non-office hours, the system automatically saves all activities, such as uploading files, copying files to other devices, or downloading a large number of files from the system. For security reasons, StormEye’s system can only record the activities performed in the system; it cannot read file content. If a suspicious account is detected, that account is prohibited from accessing the system until the admin removes it from the blocked list.
If the New York City credit union had used StormEye’s system, once Juliana logged in to the company’s system, her account would have been blocked and the data and files would not have been deleted.
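The alerting and blocking behaviour described above can be sketched as follows. This is an added example, not StormEye’s code; the event format, office hours, deletion threshold and the account name are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

OFFICE_HOURS = range(9, 18)      # assumption: 09:00-17:59, Monday to Friday
MAX_DELETES = 50                 # assumption: deletes tolerated per window
WINDOW = timedelta(minutes=5)    # assumption: sliding window length

def review(events, pending_removal=frozenset()):
    """Replay time-ordered (timestamp, account, action) audit events.

    Returns (alerts, blocked, denied): alert tuples, the set of blocked
    accounts, and how many events were refused because of a block.
    """
    alerts, blocked, denied = [], set(), 0
    deletes = defaultdict(deque)             # account -> recent delete times
    for when, account, action in events:
        if account in blocked:               # blocked until an admin clears it
            denied += 1
            continue
        if action == "login":
            if account in pending_removal:   # removal requested, not yet done
                alerts.append((when, account, "login by account pending removal"))
                blocked.add(account)
            elif when.hour not in OFFICE_HOURS or when.weekday() >= 5:
                alerts.append((when, account, "login outside office hours"))
        elif action == "delete":
            recent = deletes[account]
            recent.append(when)
            while when - recent[0] > WINDOW:  # drop deletes older than window
                recent.popleft()
            if len(recent) > MAX_DELETES:
                alerts.append((when, account, "mass deletion"))
                blocked.add(account)
    return alerts, blocked, denied

def sample_events():
    """Constructed audit trail: an evening login, then 500 deletes 4 s apart."""
    start = datetime(2024, 3, 5, 19, 0)      # a Tuesday, after office hours
    events = [(start, "former.user", "login")]
    events += [(start + timedelta(seconds=60 + 4 * i), "former.user", "delete")
               for i in range(500)]
    return events

if __name__ == "__main__":
    for pending in (frozenset(), {"former.user"}):
        alerts, blocked, denied = review(sample_events(), pending)
        print(sorted(blocked), denied, [reason for _, _, reason in alerts])
```

With the account on the pending-removal list the block happens at login and every deletion is refused; without it, the off-hours login only raises an alert and the rate rule stops the deletions after the threshold is crossed.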
A backup system is a must-have component of a company’s IT system nowadays; every company should set one up for unexpected needs. StormEye’s backup system is divided into 2 parts, an instant backup system and an extra backup system, to protect digital assets. Most large-scale companies have already set up a backup system, but the content of most of the backup files cannot be inspected; their backup systems are set up only for reassurance and are never actually used. If the company’s server fails and data has to be retrieved from the backup system, many of them will find that not all the files have been completely backed up. To ease this situation, StormEye’s backup system is linked to the company server and all the data is backed up automatically with a supervising function. For example, when an employee uploads a file to the company server, the file is also uploaded to StormEye’s instant backup system. On top of that, StormEye’s extra backup system backs up all files saved in StormEye’s instant backup system at a designated time every day. StormEye’s backup system uses RAID 1 in the entry version and RAID 5 in the advanced version. The backup system is used for copying the files saved on a damaged hard disk to a new hard disk.
The extra backup system prevents the company from losing data when its system is attacked by ransomware or when data is accidentally deleted by an employee. The extra backup system is not synchronized with the instant backup system, which is why it will not be affected even if the linkage to the instant backup system breaks off.
If the New York City credit union had set up an all-around backup system, then even if Juliana had logged in to its system and deleted a large quantity of data, it could have recovered all the data from the extra backup system, and its daily operation would not have been affected.
In conclusion, no matter the scale of a company, as long as it uses a computer system for business operation, it should set up a well-rounded cybersecurity system.