Banking
How to combat against insider threats: A strategy financial institutions can bank on
By Rashid Ali, Enterprise Solutions Manager, WALLIX
Despite popular opinion, cyberattacks are not always an attempt to take over or cripple a businesses’ infrastructure. In fact, one of the leading causes of cyber crime comes from insider threats and human error. All organisations understand the need to have strong cybersecurity measures in place to protect personal and corporate data, but financial services, have an increased need for advanced security with both money and personal data at risk. The challenge with insider threats, is when it comes to financial services, most employees have access to highly sensitive data. Think of credit card information, date of births and home addresses – this type of data can be a gold mine for criminals. So, what exactly are insider threats and how can financial institutions combat against this?
Insider threats come in all shapes and sizes
Although at first the thought of an insider threat may sound like a difficult topic to bring up and a question of trust, this is not the case. Insiders come in all shapes and sizes and simply put, this term refers to all employees and internal people who have access to company assets and data. Anyone who has privileged access (e.g. login credentials) to sensitive servers, data, and systems can be considered an insider threat, as each person’s access is a point of vulnerability. These insiders can be anyone from the CEO through to HR managers or banking tellers – essentially an insider threat can exist at every level of the organisation. In addition, insider threats can also refer to external employees such as contractors, freelancers and third-party vendors who have access to the company’s infrastructure. Financial transactions often require more than one system from multiple corporate entities, so it important to ensure this aspect is also considered.
This is whole lot of risk that businesses and institutions need to protect against. But it is not the thought that these users could be breaching protocol or stealing data that is the biggest risk, the vast majority of insider attacks are in fact accidental. And this is what makes insider threats just so risky.
Human error is only natural and even the most trusted of employees can mistakenly download a corrupt file, click on a phishing link or simply lose a device which has their credentials and passwords saved, and these are just some of the accidents that happen on a daily basis. It hardly then comes as a surprise that these of types of threats are on the rise with the latest research pointing to almost double the number of insider attacks in the past two years.
Getting ahead of insider attacks with deterrence
While it may feel like an impossible task, there are steps businesses and institutions can take to get ahead of insider threats and bolster security. It can be difficult to spot or predict an insider attack and therefore deterrence is the best defence.
Training employees and ensuring everyone across all levels of the company understands the importance of security is a first natural step. It is important to ensure everyone is singing from the same hymn sheet, understands any protocols and can easily identity unsecure messages as this will gradually start to reduce some of the risk. This is even more important for financial institutions as there are additional regulations in place which employees must follow if they have access to sensitive information.
In addition, training should be coupled with a multi layered security approach and privileged access management, especially when financial data is at risk. Financial organisations typically have a complicated security infrastructure in place due to the way they operate as it requires the coordination of multiple corporations, people, and processes. With this in mind, it is even more imperative that these institutions adopt privileged access management. With this type of solution in place, organisations will be able understand who has access to what data, how it is used and when access was granted. Additional restrictions and protocols can be added, for example when it comes to those in the banking sector it is expected that most employees will need access to sensitive data in some form. However, privileged access management allows the business to set parameters such as the time of day certain information is accessed, the location of the data request and other restrictions so any red herrings can be flagged. Only with this level of insight will organisations be able to take steps to mitigate the risks of insider threats without hindering employee productivity.
Fundamentally, gaining comprehensive access control, visibility and monitoring access is the key to overcoming the threat of insider attacks. Financial institutions will always be a highly lucrative target due to the data they hold, but privileged access management should be at the heart of any cyber security strategy and it is a necessity for those that want to stay as secure and compliant as possible.
-
Top Stories4 days ago
Australia’s ANZ Group to settle credit cards class action for $37.4 million
-
Top Stories4 days ago
Analysis-Spain’s battle of the banks as BBVA narrows gap to Santander
-
Top Stories4 days ago
Talgo’s top shareholder in talks with Stadler over takeover bid, report says
-
Top Stories3 days ago
Google, Apple breakups on the agenda as global regulators target tech