With a 47% increase in just two years, it has become clear that insider threats are a growing problem. It is a danger that no organization is immune to, and leaders are well aware of this: two-thirds of organizations consider insider threats to be a bigger problem than external attacks. Financial services companies are especially vulnerable because they are a natural target, primarily because the types of data collected within these organizations – financial and personal – tend to have a high resale value on the black market.
Considering this, it is no surprise that the financial services industry experiences more breaches as a result of internal threats than other market sectors.
Almost anyone can become an insider threat – all it takes is access to sensitive information, or simply access to the building where those resources are located, whether the individual works for the company or not. Former employees, consultants, board members, or current employees are good examples. So are janitors.
As for intention and circumstances surrounding a threat, there are three main types:
The accidental insider can be personified in many forms. It could be the unwitting employee who clicks on a phishing email, unknowingly helping to spread malicious code around the network. It could be a manager who installs unauthorized software or uses Shadow IT. It may be the person who uses their birthday as a password or the one who writes their credentials down on a sticky note under their keyboard. It can even be a complacent IT staff member who misapplies a security patch, opens a back door to log into the network from home, misconfigures a network component, or forgets to change the default password on a company device. Or someone who simply forgets to lock a door or lets someone coat-tail them into the building.
In other words, accidental insider threats appear as a result of careless, and sometimes reckless, behavior that enables cyber criminals to achieve their goal.
Malicious insiders, on the other hand, are not reckless, careless, or unwitting. They know exactly what they are doing, and they have a motive behind tampering with the network and stealing data. The disgruntled employee comes to mind, as well as those who are paid to infiltrate or use their position to do so. Some may be in a difficult financial situation, or have been tempted by a competitor with promises of a big payoff or a better job. Banks and other financial institutions are likely targets because that’s where the money is. Of course, some may also just be doing it for the thrill of it.
The remote worker is a newer category of insider. Remote workers have been around for decades, but when the number of employees working from home increases, so do the risks. In addition to connecting to the corporate network through a potentially non-secure home or public network, these employees may also be using personal devices that were not procured, configured, and secured by IT, further compounding the problem. There is also the danger that other users in the home might have access to the device.
Remote users who work in isolation are also more likely to fall victim to social engineering attacks because they cannot simply slide their chair over to a supervisor to ask whether something is legitimate or not. There is less oversight and fewer restrictions in a work-from-home environment, which, unfortunately, can lead to relaxed attitudes around security.
Back at headquarters, IT also faces challenges when it comes to the remote worker. External connections create more traffic logs and more event data that need to be reviewed, at a time when IT resources are already stretched too thin. Attacks can simply get lost in the noise.
With more insider threats to worry about than ever before, what can the IT and security teams at financial services institutions do to manage the risk?
While managing traditional insider risk is probably already part of any financial services organization’s IT strategy, managing the sudden influx of remote workers may not be. Addressing remote worker threats in financial services is challenging, but by taking certain steps, security teams can manage the risk. Here is a short checklist of actions that can help secure the remote workforce:
Now more than ever, insider threats pose a serious risk to financial institutions, especially those that have transitioned to alternate work environments to ensure business continuity. While various security controls may have been put in place to keep out external cyber criminals, traditional methods of defense do not always consider the threats that already exist within the business environment. By understanding the types of insider threats that exist and following the six steps outlined above, organizations can better protect their networks, customers, and employees from new risks brought about by an expanded remote worker strategy.