Managing the Insider Threat

Dr. Guy Bunker, CTO, Clearswift

Thirty-nine percent of financial sector businesses said they had been victims of cybercrime, according to PricewaterhouseCoopers’ 2014 Global Economic Crime Survey. This makes this industry the most frequently attacked sector – 39% say they’ve been attacked compared to 17% reported in other industries. Despite the increase in cybercrime, the report also highlights that many banks don’t believe they will fall victim to cybercrime in the near future, showing there is clearly a gap in awareness, especially as the modern finance institution is far more dynamic and interconnected than ever before.

Whilst an array of defences against external threats already exist in the IT security world, most damage comes from within an organisation, with PwC’s Information Security Survey 2015 citing employees as the most likely culprits of a data breach. But it’s not just the malicious insider; it’sgenerally the ability of innocent, perhaps naive employees that compromise the security of data, whose value has never been higher.

What threat does an insider pose?

Financial institutions house a tremendous amount of data – with more critical information than organisations realise – and managing this is a huge challenge, which is compounded by the sheer number of complex IT assets that all interact with each other within the network. While it is relatively straightforward to protect a system from the majority of external dangers via basic security hygiene software, the myriad of interconnected IT systems within a bank inevitably leads to technical gaps in the controls, which can lead to misuse of data internally.

The risk of a data breach has also increased as trends such as BYOD, and online services have become ubiquitous. This can cause issues in terms of collaborative work as employees often bypass recommended protocols, which are more controlled, in favour of quick and easy solutions that they use as a consumer, Dropbox for example. Although many of these applications have security in place – they are not equipped to the same levels as the internal systems and they do not control the type of files that are passed through the channel, meaning users can share information that they perhaps shouldn’t.

When housing millions of customers’ details, any data that falls through these security gapscan be disastrous, not just because of the potential consequences the leaked information will have, but also in terms of business compliance and the law. In the UK, the Financial Conduct Authority (FCA) has tremendous power to levy significant fines, which not only harm the bottom line but the reputation of the company as well. In November this year, it fined RBS £56million for inadequate IT systems. Italso found that many small financial firms need to manage crime risks more effectively. Clearly there is not just room for improvement, but also a real need to address an increasingly serious situation as businesses can still be penalised even if the leak was accidental.

Balancing security with collaboration

Sharing information and working together is the lifeblood of any organisation. However, humans are humans and things will inevitably go awry. An employee may accidentally send an email with customer data attached to an unsolicited address, which could be a serious breach of policy.

One way to overcome this would be to button down the hatches, monitor all network traffic and intercept any networkactivity that could potentially lead to a data breach. However, this isn’t really a solution, it’s not conducive to collaborative working and it’s too prescriptive – not every email will be blocked for the same reason and different triggers may need different actions, some to be reported to managers, some simply to be quarantined. This heavily prescriptive approach can hinder as much as it protects.

As such, a more flexible approach is needed: one that can filter out critical information, whilst letting the rest through. This style of adaptive redaction can block sensitivedata within an email whilst still allowing it to be sent andwill enable businesses to continue to collaborate while ensuring that certain data is not shared with unauthorised parties.This style of technology can be extended to the whole of the working environment, for example – to prevent users from copying critical information to USB sticks.

At Clearswift, we’ve worked with financial institutions across the world and one solution is our adaptive redaction technology, whichcan take emails apart, find the part deemed sensitive, remove it and put everything else back together again.

While it is important for financial organisations to protect themselves from cyber-attacks from the outside world, preventing misuse from within should take equal place in any IT security strategy, as this is where an issue is more likely to arise. Equally, any information security strategy must ensure that it both facilitates collaboration whilst protecting critical information.

Guy Bunker has over 20 years’ experience in the cyber security sector, including being chief security architect at HP and Chief Scientist at Symantec.