By now, anyone that’s involved in IT understands that today’s cybercriminals aren’t simply computer geeks attempting to crash websites and internet-connected devices from their homes. Instead, they’re experienced professionals that identify and execute ways to tap into the digital business world and steal sensitive data, writes Perry Hutton regional vice-president: Africa at Fortinet.
Currently, the financial services sector seems to be in the crosshairs as much, or more than any other industry.
However, it’s been reported that half of all security incidents today are actually being committed by the same individuals whose job it is to keep the bad guys out. That’s right. Employees at financial institutions are just as likely to cause a data breach as a malicious criminal from the outside.
Here’s a short list of the ways insider security threats have recently plagued financial institutions.
Leaked customer information
In just the past couple of years alone, there have been more than a few different financial institutions that faced security threats due to disgruntled or rogue employees.
One of these instances occurred when an employee at a financial institution leaked the customer data of its wealth management clients to a file sharing website. The data leak did not result in any significant financial damages, but many of their clients began asking questions and second-guessing their partnership.
Another large financial institution faced a similar problem when an employee, who was also a reported member of an organized cybercriminal group, leaked enough customer information for the group to be able to create fake checks, which were then used to steal money from unsuspecting victims. It was reported that one of the victims lost as much as $20 000 as a result of the data leak.
Consequence: When employees intentionally leak customer or client data, they open the institution up to significant financial and reputational vulnerabilities and liabilities.
Stolen trade secrets and proprietary data
Customer or client data isn’t the only sensitive information that has been stolen by companies’ very own employees. Over the past couple years we have heard of a number of instances where an organisation’s trade secrets and proprietary information were stolen, then taken by that employee to another business.
As these sorts of compromises become more common, criminals on the dark web are looking to capitalize on them. According to Avivah Litan of Gartner, “The reason for the increase in insider threats is, in fact, the ease in which disgruntled employees can ‘get back’ and harm their employees by selling their insider knowledge and services to bad guys on the dark web. All they have to do is log onto TOR and make their available services known, and the criminals happily pounce on their offers.”
Consequence: Employees who turn their backs on employers and take trade secrets outside company walls can cause substantial harm to a company, and could damage its competitive edge.
Not all threats and insider security breaches are fueled by malice. Just because an employee isn’t disgruntled, doesn’t mean they can’t pose a significant data security threat. As the number of devices being brought into the workplace grows, so too does the risk of a breach.
We’ve seen a number of financial institutions suffer from employees’ usage of unsecured and unmonitored mobile applications running on the same devices where sensitive company data is located. Far too often, these apps turn out to be vulnerable or already compromised, and are targeted by cybercriminals as a “way in” to the device and the data that it holds.
Consequence: Unauthorized devices and applications can open channels for attackers from the outside to get in with relative ease. Financial organizations need to ensure they have an understanding of the devices being used by their employees and a way to check, monitor, and even block them.
How to Protect Against Insider Security Threats
It seems that across most industries, security measures against threats posed by employees are being brushed to the side despite the growth of the sorts threats just outlined. However, given the nature of the risk and potential impact of a successful compromise, financial organizations can’t afford to follow suit. Investing in technologies like Internal Segmentation Firewalls (ISFW), which provide multiple layers of security and help ensure that the most sensitive client and proprietary data is protected against hackers that have breached the network perimeter, is a critical investment.