Insider Threat in Financial Sector

According to CA Technologies, 53% of the organizations they surveyed experienced an insider threat in the past 12 months and it is only growing in frequency. How can a company combat a threat when it’s coming from their own people?

The Definition: Insider and Insider Threat

An insider is any person that has access to a company’s information, network, and system because they are part of or a partner to the company. An insider can be a business partner, a shareholder, an executive or even an employee. That person becomes a threat when they misuse or abuse their authority and negatively affects their organization. These acts may include data leaks, fraudulent press releases, and conspiring with malicious third parties. Here are the different types of insider threats:

1. Nonresponders

Not all insider attacks are intentional. Nonresponders are employees or staff that fail to attend awareness training by their company. Their ignorance of safety protocols and company policies can become a liability. Not only can an impostor acquire their credentials but they can also become a victim of phishing. According to a survey by Ponemon in 2016, 69% of healthcare organizations said that negligence is one of the biggest threats to their security.

2. Inadvertent Insiders

Inadvertent insiders are those who attend security awareness trainings and comply with company policies, but make isolated errors that are exploited by cybercriminals. Both nonresponders and inadvertent insiders commit unintentional attacks to their organization. Ponemon also reports that 13.4% of insider attacks are caused by negligence or ignorance .

3. Insider Collusion

These insiders conspire with a third party with malicious intent. Their numbers are on the rise as cybercriminals are extending their efforts to recruit them. These attacks may include fraud or intellectual property (IP) theft.

4. Malicious Insiders

These kinds of criminals are usually motivated by greed as they look for other means of income or benefits. Malicious insiders copy sensitive data to their personal accounts little by little to avoid detection and earn a profit by selling those information. People involved in these kinds of attacks have access to confidential information and would usually have managerial or leadership roles.

5. Disgruntled Employees

Their main difference from malicious insiders is that revenge is their motivation. These kinds of people are intent on sabotaging the organization’s reputation by whatever means necessary.

The Key: An Insider Threat Strategy

A company’s greatest asset can also be its worst liability. When developing a threat strategy, it is important to note that people are more complex than computer networks and systems. Here are steps to help prevent an insider attack:

1. Form an anti-insider Attack Team

Have a team composed of cyber security experts. These are people who will have access to all of the company’s assets and have knowledge of the items that need to be kept confidential. Once they assess the vulnerabilities of the network, they will be able to prioritize the required tasks to prevent insider attacks.

2. Have Behavioral Analytics

People have their own routine every day. One way to find out if anyone is a potential threat is to spot significant changes to their routine. If the employee or business partner attempts to bypass security, access data that is not related to their job, or copies sensitive documents, the possibility of an insider attack becomes more likely. Making use of user behavioral analytics will also help detect if there are malicious insiders within the company by monitoring every device activity.

3. Mitigate the Vulnerabilities

After monitoring user behavior, it is crucial to limit insider access to sensitive data—giving access only to what their job requires of them, and nothing more. Taking note of what documents contractors and other third parties have access to can also identify what files need securing. The organization can make use of Data Loss Prevention (DLP) tools that will encrypt data online or offline.

This step also involves training employees about cyber security awareness. Giving them the right resources and requiring them to attend such events will not only increase their knowledge of the threats but also create accountability among themselves.

Lessening the vulnerabilities will include regularly monitoring file access and maintaining security hygiene. Update antivirus software and firewall and install anti-spyware and multi-factor authentication (MFA) tools. All in all, this will improve the security standing of the network.

Improving and cleaning company assets and educating all employees are the first steps to having a secure network. With this, it is also important to remain firm and consistent with the strategy your organization operates on. Continuously monitoring all files and activities can prevent a potential insider attack and encourage not only customer trust but also company responsibility and accountability.

Talk to us

Wilson Consulting Group’s (WCG) offers a comprehensive suite of services that can assist your company fight against cyber attacks.

WCG offers vulnerability assessment and privacy assessment to determine your network vulnerability, and guides you to choose the right solutions for your company. We also offer security and development training and security analytics solutions. Make the first step to securing all channels in your organization to minimize risks and improve your security profile.