Search
00
GBAF Logo
trophy
Top StoriesInterviewsBusinessFinanceBankingTechnologyInvestingTradingVideosAwardsMagazinesHeadlinesTrends

Subscribe to our newsletter

Get the latest news and updates from our team.

Global Banking & Finance Review®

Global Banking & Finance Review® - Subscribe to our newsletter

Company

    GBAF Logo
    • About Us
    • Profile
    • Privacy & Cookie Policy
    • Terms of Use
    • Contact Us
    • Advertising
    • Submit Post
    • Latest News
    • Research Reports
    • Press Release
    • Awards▾
      • About the Awards
      • Awards TimeTable
      • Submit Nominations
      • Testimonials
      • Media Room
      • Award Winners
      • FAQ
    • Magazines▾
      • Global Banking & Finance Review Magazine Issue 79
      • Global Banking & Finance Review Magazine Issue 78
      • Global Banking & Finance Review Magazine Issue 77
      • Global Banking & Finance Review Magazine Issue 76
      • Global Banking & Finance Review Magazine Issue 75
      • Global Banking & Finance Review Magazine Issue 73
      • Global Banking & Finance Review Magazine Issue 71
      • Global Banking & Finance Review Magazine Issue 70
      • Global Banking & Finance Review Magazine Issue 69
      • Global Banking & Finance Review Magazine Issue 66
    Top StoriesInterviewsBusinessFinanceBankingTechnologyInvestingTradingVideosAwardsMagazinesHeadlinesTrends

    Global Banking & Finance Review® is a leading financial portal and online magazine offering News, Analysis, Opinion, Reviews, Interviews & Videos from the world of Banking, Finance, Business, Trading, Technology, Investing, Brokerage, Foreign Exchange, Tax & Legal, Islamic Finance, Asset & Wealth Management.
    Copyright © 2010-2026 GBAF Publications Ltd - All Rights Reserved. | Sitemap | Tags | Developed By eCorpIT

    Editorial & Advertiser disclosure

    Global Banking & Finance Review® is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

    Home > Business > While holiday hacks lurk, the insider threat mustn’t be ignored
    Business

    While holiday hacks lurk, the insider threat mustn’t be ignored

    Published by maria gbaf

    Posted on December 28, 2021

    5 min read

    Last updated: January 28, 2026

    An image depicting a financial advisor explaining green finance products to clients, highlighting the importance of sustainable investments and risk avoidance in the finance sector.
    A financial advisor discussing green finance options with clients - Global Banking & Finance Review
    Why waste money on news and opinion when you can access them for free?

    Take advantage of our newsletter subscription and stay informed on the go!

    Subscribe

    Quick Summary

    Insider threats in banking are rising, especially during the holiday shopping season. Effective identity access management is crucial to mitigate these risks.

    Addressing Insider Threats in Banking Amid Holiday Cyber Risks

    By Ben Bulpett, EMEA Identity Platform Director, SailPoint

    The holiday shopping season is in full swing. Online sales are forecast to hit over £32 billion from mid-November to the end of December 2021. However, it’s not all glad tidings; more online shopping equals more sharing of online credentials and greater cyber risk. And this risk is prolific – hackers stole £754 million in the first six months of this year alone.

    Where money flows, criminals follow. Methods used by cybercriminals to infiltrate and exploit the swell of online retail are becoming increasingly more sophisticated. For example, almost one-third of UK respondents to a recent survey said they had received emails and messages impersonating retailers over the past year. According to Which?, ‘smishing’ (SMS phishing) increased by 700% in the first six months of 2021.

    With most credit card transactions at some point going across the banking network, and with the potential financial impact of customer fraud, banks need to be more alert than ever to who is accessing their systems and data. This isn’t limited to just outsider threats, despite these often dominating the headlines. Concerningly, the banking industry retains the dubious reputation of having the highest rates of insider data breaches across any sector. Not always criminal in nature, even accidental breaches can end in misery for customers and providers alike. Running through so many of these breaches are issues with identity access and security.

    While external threats and attacks launched on unsuspecting customers will continue to evolve, banks and financial institutions must ensure their lines of defense remain water-tight. Using AI and machine learning, businesses can put in place appropriate identity security measures to detect unusual behaviour and take immediate action to stop a breach occurring.

    Making a list, checking it twice; who has what and why?

    Managing internal threat, the risk posed by employees themselves, is not often top of the holiday list, with much focus on what criminals are doing to dupe holiday shoppers. When shopping online, banks need to ensure that both the device and the shopper’s identity are verified. However, with the genuine risk of internal data leaks, banks also need to ensure that the employees tasked with handling data and those who have access to it are appropriately screened and audited.

    This starts with ensuring that data is only accessible to those who need to use it. Users with incorrect access privileges are one of the most significant areas of identity fraud. This also includes ex-employees who remain able to access systems due to poor identity and access management practices. Where malicious insiders are provided with access to the data they exploit, such seemingly ‘legitimate’ activity is much harder to detect than that of the brute-force hack.

    There are also legacy issues that can lead to innocent leaks, where financial institutions still in the digital transformation process retain pockets of poor practice. Complex organisational structures mean many are still in a hybrid state where spreadsheets and other manual processes continue to sit alongside more sophisticated processes. This provides ample opportunity for unprotected documents that contain sensitive or PII data to be shared incorrectly or misdirected.

    Without a complete view of all data access across an organisation, there is no way to uncover such hidden risk. This has been made harder during the pandemic where remote working, furlough, and unprecedented hiring have rapidly changed the employee mix and provided additional access points. With the government continuing to issue Covid-prevention measures in reaction to new variants, this landscape is ever changing, but systems and processes are not adapting at the same rate.

    Top of the wish list

    Even in the face of such challenges, preventative steps can be taken to mitigate insider threats. For example, IT teams can use automated access and geolocation alerts to spot abnormal behaviours. Made possible through AI and ML-driven security measures, this can be the basis of an agile identity security foundation that learns and adapt as business needs change.

    Gaining a full view of customer data is hard when so much of this data is unstructured. We are not dealing with simple transactional data anymore. Indeed, some challenger banks, in particular, are increasingly using biometric authentication such as voice, fingerprint, or video (notwithstanding the recent wave of concern around deep fake technologies) within multi-factor authentication, giving rise to the need to protect extremely sensitive personal data, beyond the financial.

    Identity security is a cybersecurity tactic that delivers a holistic view of data access in an organisation, with a pure view of all identities, their permissions, and actions. This provides greater visibility over each application, data repository, cloud service, and internal platform, reducing the risk of password duplication, permissions creep, and over-provisioning.

    While much attention is on the risk posed by external holiday hacks and scams, the ongoing risk posed by the insider threat cannot be ignored. Identity security must be top of the wish list for banks seeking to shore up defenses against potential breaches or hacks. Any criminal activity that results in customers losing funds or having sensitive data comprised is clearly of the utmost concern to banks, both given regulatory fines incurred as well as major reputational damage. However, where that criminality results from poor internal controls and identity security, it is almost unforgivable.

    During this holiday season, financial institutions, of course, must be alert and responsive to new scams and sophisticated external attacks. The risk is that this facilitates a blind spot, where they fail to see the threat sitting at their own table.

    Key Takeaways

    • •Insider threats in banking pose significant cybersecurity risks.
    • •Online shopping increases cyber threats during the holiday season.
    • •Identity access management is crucial for preventing data breaches.
    • •Banks must screen and audit employees handling sensitive data.
    • •Remote work has complicated data access and security measures.

    Frequently Asked Questions about While holiday hacks lurk, the insider threat mustn’t be ignored

    1What is the main topic?

    The article discusses insider threats in banking and the importance of identity access management during the holiday season.

    2How can banks mitigate insider threats?

    Banks can mitigate insider threats by implementing strong identity access management and auditing employee access to sensitive data.

    3Why are insider threats a concern during holidays?

    Insider threats are a concern during holidays due to increased online shopping, which raises the risk of data breaches and cyber attacks.

    More from Business

    Explore more articles in the Business category

    Image for How Commercial Lending Software Platforms Are Structured and Utilized
    How Commercial Lending Software Platforms Are Structured and Utilized
    Image for Oil Traders vs. Tech Startups: Surprising Lessons from Two High-Stakes Worlds | Said Addi
    Oil Traders vs. Tech Startups: Surprising Lessons from Two High-Stakes Worlds | Said Addi
    Image for Why More Mortgage Brokers Are Choosing to Join a Network
    Why More Mortgage Brokers Are Choosing to Join a Network
    Image for From Recession Survivor to Industry Pioneer: Ed Lewis's Data Revolution
    From Recession Survivor to Industry Pioneer: Ed Lewis's Data Revolution
    Image for From Optometry to Soul Vision: The Doctor Helping Entrepreneurs Lead With Purpose
    From Optometry to Soul Vision: The Doctor Helping Entrepreneurs Lead With Purpose
    Image for Global Rankings Revealed: Top PMO Certifications Worldwide
    Global Rankings Revealed: Top PMO Certifications Worldwide
    Image for World Premiere of Midnight in the War Room to be Hosted at Black Hat Vegas
    World Premiere of Midnight in the War Room to be Hosted at Black Hat Vegas
    Image for Role of Personal Accident Cover in 2-Wheeler Insurance for Owners and Riders
    Role of Personal Accident Cover in 2-Wheeler Insurance for Owners and Riders
    Image for The Young Rich Lister Who Also Teaches: How Aaron Sansoni Built a Brand Around Execution
    The Young Rich Lister Who Also Teaches: How Aaron Sansoni Built a Brand Around Execution
    Image for Q3 2025 Priority Leadership: Tom Priore and Tim O'Leary Balance Near-Term Challenges with Long-Term Strategic Wins
    Q3 2025 Priority Leadership: Tom Priore and Tim O'Leary Balance Near-Term Challenges with Long-Term Strategic Wins
    Image for Using Modern Team Management Methods to Improve Collaboration in Hybrid Work Models
    Using Modern Team Management Methods to Improve Collaboration in Hybrid Work Models
    Image for Why Email Deliverability is a Business Risk Your Company Can’t Afford to Ignore
    Why Email Deliverability is a Business Risk Your Company Can’t Afford to Ignore
    View All Business Posts
    Previous Business PostCustomer satisfaction, data & the post-pandemic recovery
    Next Business PostRetail technologists must brace themselves for a holiday season like no other