
Cyber insecurity: Managing the threat from within

By Chris Bush, Head of Security, ObserveIT, a Proofpoint company

No industry experiences a higher volume of online attacks than financial services, and more than half of those attacks (58%) come from insiders (Forrester 2019). Even more eye-opening is that the financial services sector experiences the highest cost of insider threats, at $12.05 million per year.


An insider threat can happen when someone close to an organisation with authorised access misuses it to negatively impact the organisation’s critical information or systems. This makes all organisations vulnerable from the inside out. Crucially, that person does not necessarily need to be an employee – third party vendors, contractors and freelancers, and trusted business partners could pose a threat as well.

 Often, when companies think about data loss, they naturally think of it as a data problem. They prioritise visibility into data when it is really a people problem. After all, data does not move itself; people move data. Yet, employees, privileged users, or third parties must be given access to critical applications, systems, and data to do their jobs effectively. So, what can companies do?

 As a first step, it’s vital to understand what motivates an insider threat. By knowing what types of insider threats are within your organisation, along with their potential motivations and characteristics, it becomes easier to identify if and when your organisation has become a victim of an insider data breach or incident.

 Perhaps the most well-known insider cases to those in the financial services world are those that are driven by malicious intentions. For example, as a front office employee is jumping ship to a competitor, they decide to take proprietary trading strategies or client research with them to their next employer by exfiltrating that intellectual property via email, printing the files or using a USB drive. In the hedge fund and proprietary trading world, significant sums of money and competitive advantages are at stake when malicious insiders get away. Even in the back office, privileged users may attempt to manipulate trading systems or reconciliation servers for financial gain or due to professional frustration.

Yet, many insider breaches are also caused accidentally, driven principally by negligence or poor security hygiene. Just think for a moment about how a well-meaning quantitative code developer may mistakenly leave servers in the cloud unprotected. Equally, in the modern age, convenience often overpowers almost all else. If your cybersecurity policies, tools, etc. make it difficult for insiders to do their work in a quick and efficient manner, they will likely look to circumvent the in-place systems. And, lest you believe these accidents are trivial, negligence-based insider threat incidents are 3 times more frequent than malicious insider activity and consume endless hours of your Security Operations team’s time to remediate. By the way, such accidents also cost organisations an average of $3.8 million per year.

Whether intentional or accidental, it’s understandable that user-posed risks to critical IP leave many financial management firms worried about insider threats. However, there are many ways companies can be empowered to protect themselves from the inside out. Insider risks can be identified and eliminated when companies choose to invest in a people-centric Insider Threat Management strategy – one that is driven by technology, offering complete visibility and context into what users are doing when, where, why, and how – but also supported by policies and processes that empower employees and trusted insiders to be part of the solution, and not the problem.

When it comes to technology, financial service firms are often run by mature security programmes with a focus on lean efficiency. These demands heighten the need for comprehensive insider threat detection systems that can catch insider threats from both classic vectors (like email, print jobs, USB usage) and newer technologies (such as file-sharing apps, cloud storage sync jobs, and more).

In theory, traditional endpoint DLPs can look like the answer, but what they fail to detect are the worrying or strange changes in behaviour or out-of-policy conduct that indicate either a malicious or negligent breach in motion. DLPs are heavy on endpoints and don’t provide enough context into both user and data activity. Similarly, though many SIEM or UEBA tools can detect anomalous user behaviour, they cannot correlate the critical IP with specific users to tell the whole security story of what happened to cause the breach.

Companies need solutions that provide full, granular visibility into the who, what, and why behind any breach. With solutions that deliver the full context around user and data activity, security teams can separate accidental from malicious activity and appropriately respond either through prevention technologies, user education or more punitive measures. Crucially, with this deep-dive information, businesses can put changes into action to prevent the situation from occurring again in the future and save valuable time. It might come as a surprise to learn that, on average, it takes a significant 72 days to contain an insider threat. It can take weeks, months, or even years to piece together what happened without the right tools.

Ultimately, quickly detecting and containing the insider threat is essential to managing both data security risk and the subsequent expenditure that comes with limiting the impact of a breach on the company’s bottom line. With the right detection and prevention technology, plus supporting policies and processes in place, exposure to unnecessary risk is significantly reduced. Another positive is that with complete visibility into all activity on your network, organisations can not only catch and stop insider threats, but meet and surpass all compliance and regulatory requirements with ease – a big plus for those in the financial services sector.