Case Study: a large payment provider strengthens insider threat response with NCC Group MDR

Large Payment Provider - Customer Case Study

NCC Group worked with a large payment provider in the financial sector that was dealing with a suspected insider threat. During routine monitoring, the customer’s Azure platform alerted on a disabled Azure Multi-Factor Authentication (MFA) setting for a former employee, prompting NCC Group’s SOC analysts to investigate through Sentinel.

NCC Group provided the client with comprehensive evidence for its internal review and confirmed there was no malicious insider activity, though the case exposed weak processes and security culture. NCC Group recommended introducing an auditable workflow for privilege changes and MFA revocation to prevent similar incidents and reduce the risk of unauthorized single-person actions in the future.