Oracle today announced Oracle Advanced HCM Controls, part of Oracle Fusion Cloud Human Capital Management (HCM), an artificial intelligence (AI)-powered monitoring solution that automates security analysis to protect against fraud and help ensure that only the people who need to use sensitive data have access to it. With Oracle Advanced HCM Controls, HR leaders have better visibility into potential fraud or compliance issues within their systems and can review and block suspicious activity as it occurs.
As HR systems have evolved, organizations have collected and uploaded nearly everything there is to know about each of their employees. From compensation, home addresses, and bank account information to national identification numbers, disability status, and performance data—organizations host a substantial amount of high-risk data on their workforce.
This data is highly valuable for organizations and employees, but it is also a huge draw to cybercriminals and other malicious actors—even from within the organization. And those bad actors are trying their best to access it. Over the course of 2020, there were more than 5,200 known incidents of lost or stolen data, privilege misuse and systems intrusions against organizations, many of which originated from people with legitimate credentials within the organization.
The new updates include AI-powered anomaly detection and alerts to help HR leaders and security teams monitor and respond to potential threats, including suspicious employee activity, phishing attacks, bot activity or data breaches targeting HR data and processes. The new updates monitor and detect activity based on:
- Time and Frequency: Instant alerts about suspicious activity are now sent based on when and how often sensitive HR records are being accessed. This enables HR teams to quickly detect abnormal activity in the system, such as an employee accessing data over the weekend to signal that an account may be compromised, or individuals are acting in bad faith. In addition, HR teams will be immediately alerted if large amounts of data are being accessed in a short period of time. For example, clicking through data faster than a human can read may be a sign of fraudulent activity, such as a bot being used to collect HR data.
- Location: Instant alerts about suspicious activity are now sent based on where sensitive HR records are being accessed from. For example, if an account is logged in from two geographically distant locations at once or if the system shows that a user is logged in from a country they have never visited, it will automatically trigger an alert to address it.
- Role and Responsibility: Instant alerts about suspicious activity are now sent based on who is accessing the data. For example, if someone is transferred to a different department, they may still have previous privileges to access sensitive data that they no longer need in their new role. In addition, it will also immediately alert HR teams about suspicious activity based on the level of the role, such as if a senior executive is accessing data typically used by more junior employees.
In addition to helping HR leaders quickly identify and respond to potential security threats as soon as they occur, the new capabilities also automate compliance reporting to help security teams focus on assessing and responding to immediate risks. And what’s more, because the new capabilities are embedded in Oracle Cloud HCM and powered by machine learning, they continuously develop a better understanding of normal and abnormal behavior over time.
HR teams are entrusted with extraordinary amounts of sensitive data, often needing to store and protect personally identifiable information for thousands of employees. As access and use of data has become more automated over time, so too has the need for teams to automate the way that they secure that data.
In order to help our customers, stay one step ahead of malicious actors and stop suspicious activity whenever, wherever and whoever it comes from, we are committed to providing our customers tools like Oracle Advanced HCM Controls that give them the visibility and automation they need to safeguard their data, their employees, and their organization.