Learning from the NCS Group Incident: Sennovate Expert Opinion


In today’s dynamic cybersecurity landscape, threats evolve rapidly. A recent incident involving a former employee of NCS Group, Kandula Nagaraju, highlights significant vulnerabilities in user access management. Nagaraju, terminated for poor performance and disgruntled post-offboarding, retaliated by deleting 180 critical virtual servers essential for NCS Group’s QA testing. This incident underscores the crucial importance of effective Identity and Access Management (IAM), particularly in the deprovisioning process. In this post, we will delve into how such incidents can be prevented with a robust IAM solution.

Incident Analysis: A Costly Oversight

In the NCS Group incident, the oversight in user access management led to significant non-compliance and setbacks:

· Unauthorized Access: Despite leaving the company, the ex-employees’ accounts remained active for four months, providing them with ample opportunity to access servers which they were no longer authorized to access.

· Recovery Cost: The immediate financial impact from the incident was substantial, amounting to approximately USD 678,000. This figure includes the costs associated with restoring the deleted servers, data recovery efforts, and additional security measures implemented post-incident to prevent future breaches.

· Critical Operational Disruption: Kandula Nagaraju’s actions post-termination resulted in the deletion of 180 virtual servers, an operational disruption for NCS Group.

This incident highlights glaring oversights in maintaining secure access controls and user lifecycle management.

What could have prevented this incident?

Effective identity and access management (IAM) is critical for securing an organization’s data and systems from unauthorized access. It involves managing the entire lifecycle of user identities, from onboarding to offboarding. However, merely deploying an IAM solution is not sufficient to prevent security incidents. Organizations must ensure they have the right combination of people, processes, and technology to effectively mitigate risks.

Let’s discuss a few key solutions that could have prevented this incident:

  • Efficient User Lifecycle Management – Proper User Lifecycle Management ensures that only authorized users have access to the necessary resources. It reduces the risk of security breaches by ensuring that access is revoked immediately upon termination or role change.
  • Zero Trust Security Model – Zero Trust eliminates the concept of implicit trust, ensuring that every user, device, and application is continuously verified and validated, reducing the risk of insider threats. Zero Trust enforces the principle of least privilege, granting users and devices only the access they need to perform their tasks, thereby reducing the attack surface. Just-in-time access provisioning with an approval workflow can further tighten the access controls.
  • Periodic Access Reviews – By reviewing access regularly, organizations can identify and mitigate potential risks associated with unauthorized access, insider threats, or other security vulnerabilities. Regular reviews reinforce the importance of access control among employees and promote a culture of accountability regarding data protection and security.
  • Password Rotation – It is a fundamental component of a comprehensive cybersecurity strategy. Regularly changing passwords reduces the time window in which a compromised password can be used by malicious actors. This minimizes the potential damage that can be inflicted. Frequent password changes can help in identifying breaches. If a password is changed and subsequent unauthorized access attempts are detected, it can signal a security breach.
  • User Behavior Analytics (UBA) – By leveraging advanced data analytics, machine learning, and pattern recognition, UBA helps organizations identify abnormal or malicious activities that might indicate a security breach. By establishing a baseline of normal user behavior, UBA can flag activities that deviate from this baseline, such as accessing unusual resources or logging in from unexpected locations.
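
The lifecycle-management and periodic-access-review controls above come down to reconciling HR records against the account directory. The following is an added example (not Sennovate's or NCS Group's code) that uses constructed sample records and hypothetical field names to flag enabled accounts whose owner is terminated or unknown, and whether the account was used after the exit date:

```python
from datetime import date, datetime

# Constructed sample data: HR offboarding records and a directory account export.
# All field names and values are hypothetical.
HR_RECORDS = [
    {"employee_id": "E1001", "status": "terminated", "end_date": "2024-01-15"},
    {"employee_id": "E1002", "status": "active", "end_date": None},
    {"employee_id": "E1003", "status": "terminated", "end_date": "2024-03-01"},
]
ACCOUNTS = [
    {"account": "qa-admin-e1001", "owner": "E1001", "enabled": True, "last_login": "2024-03-18T02:14:00"},
    {"account": "jdoe", "owner": "E1002", "enabled": True, "last_login": "2024-03-20T09:00:00"},
    {"account": "e1003", "owner": "E1003", "enabled": False, "last_login": "2024-02-27T17:30:00"},
    {"account": "svc-legacy", "owner": "E9999", "enabled": True, "last_login": None},
]

def review_accounts(hr_records, accounts, today):
    """Return findings for enabled accounts that lack a valid, active owner."""
    hr = {r["employee_id"]: r for r in hr_records}
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already deprovisioned
        owner = hr.get(acct["owner"])
        if owner is None:
            # Orphaned account: nobody in HR is accountable for it.
            findings.append({"account": acct["account"], "issue": "no_hr_owner",
                             "days_exposed": None, "used_after_exit": False})
            continue
        if owner["status"] != "terminated":
            continue
        end = date.fromisoformat(owner["end_date"])
        last = acct["last_login"]
        used = last is not None and datetime.fromisoformat(last).date() > end
        findings.append({"account": acct["account"], "issue": "active_after_termination",
                         "days_exposed": (today - end).days, "used_after_exit": used})
    # Accounts used after the owner's exit sort first: they need incident
    # response, not just cleanup.
    return sorted(findings, key=lambda f: not f["used_after_exit"])

if __name__ == "__main__":
    for finding in review_accounts(HR_RECORDS, ACCOUNTS, date(2024, 3, 21)):
        print(finding)
```

Run on a schedule against real HR and directory exports, a non-empty result is the signal that deprovisioning has fallen behind terminations.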

Conclusion

The NCS Group breach starkly illustrates the critical importance of having an effective IAM solution and managed service in place. Failing to deactivate access for ex-employees for a significant period of 4 months exposed the organization to entirely preventable risks, highlighting the need for stringent access management practices.

To avoid such devastating incidents, companies must adopt a proactive stance on cybersecurity. This entails implementing a robust IAM framework that encompasses the right mix of people, processes, and technology.

Learn More About Sennovate IAM-as-a-Service

Don’t leave your organization’s security to chance. Discover the unmatched protection Sennovate offers through our IAM-as-a-Service offering. We assist organizations like NCS in assessing their security posture, identifying risks, and implementing robust security solutions aligned with industry best practices to mitigate those risks effectively. We provide comprehensive end-to-end Identity and Access Management services, covering advisory, implementation, and 24×7 managed services. To know more about our solutions and services, visit https://sennovate.com or contact us at [email protected]