Cut the thread of threats: How banks can prevent insider cyberattacks
More often than not we consider banking and financial sector threats as external—and yet, organization insiders are more likely to launch a cyberattack.
In fact, many argue that insider threats actually pose a greater risk than external threats as the employees (“insiders” for the sake of this article) already have access to or at least know where the company keeps the crown jewels. These jewels could refer to assets that drive cash flows, competitive advantage and shareholder value.
Insiders often understand exactly what resides on company networks—the confidential information they need to complete their everyday jobs—and how to access it. Yet in some cases insiders may use their privileges for theft, destruction or even manipulation. Consider the leaking and disclosure of confidential, critical information from within a bank’s hedge fund. This could lead to the manipulation of share values, a far more profitable course for the insider when compared to traditional fraud techniques.
The risks posed from insider threats within the financial services sector include but are not limited to:
- disclosure of confidential customer and account data, leading to a loss of trust
- loss of intellectual property
- loss of money
- embarrassment, PR disaster
- destruction of a financial institution’s cyber assets
- disruption to critical infrastructure
We must take insider threats and their repercussions seriously—particularly in this sector, where attacks can put an organization on the line and leave thousands of customers at risk. In 2015, JPMorgan Chase made headlines when a former employee was arrested for stealing customer data and attempting to sell it to an undercover informant for tens of thousands of dollars. Unfortunately, this wasn’t the first time something like this had happened. Barclays Bank faced similar issues when criminals gained access to a USB flash drive with the personal details of more than 13,000 customers.
This creates a catch-22 in many ways because an organization’s employees often need to access and handle sensitive information to do their jobs. But in some cases, these employees take advantage of that access. Organizations tend to inherently trust their employees and almost blindly trust in the codes of conduct, processes and procedures in place to protect customer and other sensitive data.
As we have learnt time and time again from data breaches in the financial sector, this trust is misplaced. Nor is it enough. According to a March report published by BetaNews, cybersecurity spending for financial institutions hit an all-time high. It was reported that banks and other financial institutions “spend three times the amount non-financial organizations are spending on cyber security.” This increased spend comes from not only the heightened risk of an insider threat, but also from financial institutions “coming under increased pressure from government, top management and customers.” According to the Financial Institutions Security Risks research from Kaspersky Lab and B2B International, 64 percent of financial institutions will improve their IT security, regardless of the return on investment.
If JPMorgan Chase recently spent $250,000,000 per year on cybersecurity, one can only imagine what financial institutions spend today. Business Insider published an article in January 2017 reporting that the CEO of Barclays UK said the bank is working “very, very closely with the government” to guard against cyberattacks. Of course, part of cybersecurity means protecting the organization from insider threats and attacks. But what in fact has been done here? Insider attacks put customers’ data and finances at risk, and can jeopardize an organization’s reputation. It’s in everyone’s favor to prevent and detect them.
Richard Benham, a cybersecurity management professor and founder of the UK-based Cyber Trust, believes cyber education is fundamental and essential. While many insider attacks are malicious, the majority stem from careless mistakes employees make. Educating employees on cybersecurity, with regular updates as in-house and external technology evolve, will prove critical to help businesses protect themselves from insider attacks, no matter the cause.
SearchSecurity discusses several different ways to prevent insider security breaches across all industries. These should also serve as the bare minimum for the financial sector, where billions upon billions of dollars are on the line, as well as the business of loyal customers. These measures include:
- institute a security policy
- attend to physical security
- screen candidates and employees
- require strong authentication, and
- monitor activity
Monitoring is not new but has seen increased use of late, especially with more employees across all sectors having access to private and confidential information. Employee monitoring ranges from video cameras to keystroke logging to network and app monitoring. It not only allows employers to detect misuse ahead of time, but can also lock employees out depending on the task.
For example, if some bad or careless actor tried to move confidential customer data onto a USB flash drive a la Barclays, employee monitoring software could lock them out as soon as they tried to transfer it from the network to an external device.
The user loses access to the data. Sharing it for personal gain becomes near impossible. This is what happens when companies join the best cybersecurity battle of all: the one that ends before it begins.
Isaac Kohen is the founder and CEO of Teramind, an employee monitoring and insider threat prevention platform that detects, records, and prevents malicious user behavior.