Navigating the Threat from Within: Insider Threats in the Finance Industry

Posted on by Isaac Kohen

Protecting sensitive data is a top priority for financial organizations. With the expanding threat landscape, organizations must look to new technologies and strategies to protect it. Data isn’t safe, and in the financial industry sensitive data, like account information, can be exploited at any moment by an individual with malicious intent.

Old Traditions Won’t Cut It For Insider Threats

Traditionally, many organizations have built their security infrastructure around a wide security perimeter. Mitigation technologies like the firewall have been used for years. However, as expected, the world advances and technology has changed. These traditional methods are not enough to combat the growing security threats of today. They are your baseline security, and new technologies need to be adopted to navigate the threat.

However, one threat to sensitive data is especially concerning: many companies overlook it because it comes from the inside. The insider threat is anyone within your organization who has privileged access to sensitive data, such as contractors, employees or third parties like vendors and partners.

The financial industry is a prime target for insider threats. Insider threats encompass four different types of characters - the oblivious, negligent, malicious and professional insider. Negligent insiders are the most common. According to a recent research report, the vast majority (86%) of IT professionals consider insider threats to be a purely cultural issue (i.e. negligent insiders).

According to Kaspersky’s The Human Factor in IT Security survey, careless or uninformed staff contributed to 46% of cyber security incidents in the last year. This statistic accounts for a large majority of attacks that are not commonly mitigated by traditional security methods. Security personnel must change their approach to data security to accommodate negligent insiders and, more generally, insider threats.

Financial Industry is at the Center of Threatville

Negligent insiders are a factor in insider threat data loss. However, the reason they’re a factor is that they’re easy to exploit. These individuals commonly practice bad security hygiene like giving out passwords to other employees or clicking on phishing emails. These individuals also know where the ‘crown jewels’ are. They have access to important cash flow documents, competitive advantage information and shareholder data.

Employees who are uneducated about security threats are a large problem for the financial industry.

These firms are a prime target for cybercriminals because they possess sensitive data that sells for a good price on the darknet. Credit card numbers, social security information and personally identifiable information are quality inventory for a hacker, and the common way they’re exploiting this data is through negligent insiders.

Further, the traditional methods discussed above, along with procedures to lock hacks out of the system and tighten security, decrease employee productivity and cause frustration, leading employees to work around security measures to complete tasks. This is what we want to avoid. A recent study by Dell reported that 91 percent of business users experienced a negative impact on productivity due to the limitations and friction of employer security measures.

Trudging Forward: Mitigation Technologies

As mentioned, technology is advancing. Luck is on the organization’s side because these advancements have brought a new line of mitigation technologies to combat the insider threat.

There are five major technologies to mitigate the insider threat: data loss prevention (DLP), machine learning, user behavior analytics, user activity monitoring and privileged access management.

I will talk about two of major importance: DLP and user activity monitoring. The key to an ultimate mitigation strategy is finding a technology that encompasses all of these technologies under one roof. 

Data Loss Prevention (DLP)

DLP is a strong buzzword in the security industry. It’s not a new concept; however, the technology has since advanced from its humble beginnings to be a strong foundation in insider threat mitigation.

DLP is a set of processes and rules to keep sensitive data safe. The technology classifies an organization’s most sensitive data, then sets rule-based alerts to notify an administrator when it is breached. As the technology advances, it’s becoming more robust at targeting detailed sensitive data composites and following them for a breach.
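To make the classify-then-alert idea concrete, here is a small content rule set, added as an illustration and not taken from any DLP product. It checks outbound text for payment card numbers (validated with the Luhn checksum to cut false positives) and US social security numbers; the function names, channel labels and sample messages are all constructed for this example.

```python
import re

# Candidate card number: 13-19 digits, optionally split by single spaces or dashes.
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
# US SSN written as AAA-GG-SSSS.
SSN_RE = re.compile(r"(?<!\d)(\d{3})-(\d{2})-(\d{4})(?!\d)")

def luhn_ok(digits):
    """Luhn checksum: filters out order numbers and other random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def ssn_plausible(area, group, serial):
    """Reject number ranges that are never issued as SSNs."""
    return (area not in ("000", "666") and area < "900"
            and group != "00" and serial != "0000")

def scan(channel, user, text):
    """Return one alert per sensitive value found; values are masked in the alert."""
    alerts = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            masked = "*" * (len(digits) - 4) + digits[-4:]
            alerts.append({"rule": "card_number", "user": user,
                           "channel": channel, "match": masked})
    for m in SSN_RE.finditer(text):
        if ssn_plausible(*m.groups()):
            alerts.append({"rule": "ssn", "user": user,
                           "channel": channel, "match": "***-**-" + m.group(3)})
    return alerts

# Constructed sample events (channel, user, outbound text).
SAMPLES = [
    ("email", "jdoe", "Refund to card 4111 1111 1111 1111 please"),
    ("email", "jdoe", "Order ref 1234567890123456 shipped"),   # fails Luhn
    ("upload", "asmith", "Applicant SSN 219-09-9999, form attached"),
    ("chat", "asmith", "Ticket 000-12-3456 is closed"),        # not a valid SSN range
]

def run_samples():
    return [a for ch, user, text in SAMPLES for a in scan(ch, user, text)]

if __name__ == "__main__":
    for alert in run_samples():
        print(alert)
```

The alert carries only the last four digits, so the alert log does not become a second copy of the data it is meant to protect.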

User Activity Monitoring

Combined with DLP, user activity analytics and monitoring can be adapted to eliminate the insider threat. Through analytical data, this technology streamlines data from employee computers to create patterns of normal behavior. Through user activity monitoring, this technology can narrow in on user behavior and metadata to create normal behavioral profiles. User activity analytics and monitoring work together to identify threats more quickly.

The financial industry struggles with two major obstacles: detecting threats in a timely manner and meeting compliance. These technologies help an organization achieve both. DLP and monitoring speed up the detection rate because the software is trained to detect anomalies. Further, this technology provides forensic evidence, which is fundamental in meeting audits like the PCI DSS Compliance Audit.
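The per-user baseline and anomaly detection described above can be sketched as follows. This is an added example, not code from the article or from any monitoring product: it assumes a hypothetical metric (megabytes copied to removable media per day) and uses a robust z-score built from each user's own median and median absolute deviation, so a heavy but consistent user is not flagged while a sudden change is.

```python
from statistics import median

def baseline(history):
    """Per-user profile: median and median absolute deviation (MAD)."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    return med, mad

def robust_z(value, med, mad, floor=1.0):
    # floor (assumed: 1 MB) keeps a perfectly flat history (MAD == 0)
    # from dividing by zero while still scoring any real change highly.
    return 0.6745 * (value - med) / max(mad, floor)

def detect(history_by_user, today_by_user, threshold=3.5, min_days=7):
    """Compare today's value with each user's own baseline."""
    findings = []
    for user, value in sorted(today_by_user.items()):
        hist = history_by_user.get(user, [])
        if len(hist) < min_days:
            # New or rarely seen account: no profile yet, surface for review.
            findings.append((user, value, None, "no_baseline"))
            continue
        med, mad = baseline(hist)
        z = robust_z(value, med, mad)
        if z > threshold:
            findings.append((user, value, round(z, 1), "anomaly"))
    return findings

# Constructed data: MB copied to removable media on each of the last 10 days.
HISTORY = {
    "alice": [12, 15, 9, 14, 11, 13, 10, 12, 16, 11],
    "bob":   [0] * 10,                                   # never uses USB drives
    "carol": [200, 180, 220, 210, 190, 205, 195, 215, 185, 200],
}
TODAY = {"alice": 14, "bob": 40, "carol": 230, "dave": 5}

if __name__ == "__main__":
    for finding in detect(HISTORY, TODAY):
        print(finding)
```

On this data carol's 230 MB is within her normal range and is not flagged, while bob's 40 MB is, which is the point of profiling each user rather than applying one global limit.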

Empowering Your Employees: Next Level of Mitigation 

The mitigation technologies stated above are the tools to help you rein in the insider threat. It’s important not to forget the power of your employees in this process. As stated, negligent employees are a major concern for financial data loss.

Managers need to take the initiative to train employees on threat awareness and use user monitoring forensics as a means to train employees on missteps. Did an employee click on a phishing email? This technology provides evidence of these incidents in a video playback method, becoming a powerful training tool. The big brother syndrome is what organizations worry about most when applying these technologies, but educating your employees on its importance, being transparent and using it as a tool are ways to overcome this.

Technology is only the tool. It’s up to leadership and management to bridge the remaining gap of risk mitigation through employee education and awareness.

Research by IBM concluded that 60 percent of all cyber attacks are carried out by insiders, and the financial industry remains the top industry under attack. For the finance industry, the insider threat needs to be addressed. This article provided you with the building blocks of risk mitigation, but it’s up to you to put it into motion.

Isaac Kohen

CTO and Founder, Teramind


Blogs posted to the website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.
