Now more than ever, insider threats pose a serious risk to financial institutions, especially those that have transitioned to alternate work environments to ensure business continuity, warns Fortinet.

Fortinet’s 2020 Securing Remote Work Survey revealed that the shift to remote work was putting pressure on security teams and increasing the risk of breaches. In South Africa, studies have found that remote and hybrid models are here to stay, meaning organisations must make insider risk a priority, says Doros Hadjizenonos, regional sales manager at Fortinet.

With a 47% increase in just two years, insider threats are a significant and growing problem worldwide, exacerbated by the move to remote and hybrid work models. No organisation is immune to the risk, and two-thirds of organisations now consider insider threats to be a bigger problem than external attacks, says Hadjizenonos.

Financial services companies are especially vulnerable because they are a natural target: the types of data collected within these organisations – financial and personal – tend to have a high resale value on the black market.

Hadjizenonos continues: “Considering this, it is not surprising that the financial services industry experiences more attacks resulting from internal threats than other sectors, and remote work is increasing this risk.”

He notes that any employee has the potential to be an insider threat: “You only need access to sensitive information, or just access to the building where those resources are located, whether the individual works for the company or not. This means that even former employees, consultants, board members or cleaning staff could gain access to sensitive information.”

Not all insider threats are malicious, he notes. Accidental insider threats can be caused by staff who are careless with their passwords, who click on phishing mails, who install unauthorised software, or who use shadow IT. They can also be the result of a complacent IT staff member who misapplies a security patch, opens a back door to log into the network from home, misconfigures a network component, or forgets to change the default password on a company device.

Malicious insiders, on the other hand, are not reckless or unwitting. They know exactly what they are doing, and they have a motive to steal data. We may think of the disgruntled employee, or of those who are paid to infiltrate or who use their position to do so. Some may be in a difficult financial situation, or a competitor may have tempted them with promises. Financial institutions are likely targets because that’s where the money is.

In the remote work environment, the insider risk increases because employees might connect to the corporate network through a potentially non-secure home or public network, and they may also be using personal devices that were not procured, configured, and secured by IT, further compounding the problem.

There is also the danger that other users in the home might have access to the device.

“Because there is less oversight and fewer restrictions at home, remote users are also more likely to fall victim to social engineering attacks because they cannot simply slide their chair over to a co-worker to ask whether something is legitimate or not,” he says. “At the headquarters, IT also faces challenges when it comes to work-from-home. External connections create more traffic logs and more event data that need to be reviewed. With IT Security Teams already under strain, attacks can simply get lost in the shuffle.”

Managing Insider Threat Risk

Taking a Zero Trust approach helps organisations mitigate insider risk. Where traditionally, organisations took a perimeter approach to security in which the focus was on preventing attacks from the outside, they are now recognising that granting excessive implicit trust to those within the organisation gives attackers a great deal of latitude once the perimeter has been breached. Zero trust operates on the premise that there are constant threats both outside and inside the network.

The Zero Trust security model focuses on evaluating trust on a per-transaction basis, granting access only to what users need to perform their jobs – in other words, access on a need-to-know basis.

The first step in designing a Zero Trust architecture is to decide who is allowed to do what, and which resources each individual needs to do their job. Zero Trust solutions are then deployed to control access to network resources through per-application risk assessment and segmentation. Zero Trust Network Access (ZTNA) verifies users and devices before every application session to confirm that they conform to the organisation’s policy for accessing that application.

ZTNA supports multi-factor authentication to maintain the highest degree of verification. It is important to secure all devices and ensure that the Zero Trust approach can provide the same protocols, no matter where the worker is physically located and how they’re accessing company resources.
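The per-session policy check described above, written out as a small access decision function. This is an added illustration, not Fortinet's code or any ZTNA product's logic; the role names, application names and policy values are constructed for the example.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed need-to-know map: which applications each role needs for its job.
# Roles and application names are hypothetical, not taken from the article.
NEED_TO_KNOW = {
    "teller": {"core-banking"},
    "analyst": {"core-banking", "reporting"},
    "it-ops": {"reporting", "admin-console"},
}

# Constructed per-application policy: does the app demand MFA and a managed device?
APP_POLICY = {
    "core-banking": {"mfa": True, "managed_device": True},
    "reporting": {"mfa": True, "managed_device": False},
    "admin-console": {"mfa": True, "managed_device": True},
}


@dataclass
class SessionRequest:
    """What the access broker knows about one application session attempt."""
    user: str
    role: str
    app: str
    mfa_passed: bool       # did the user complete multi-factor authentication?
    device_managed: bool   # was the device procured and configured by IT?
    device_patched: bool   # does the device pass a basic posture check?


def evaluate(req: SessionRequest) -> tuple[bool, str]:
    """Decide a single session. Nothing is cached from earlier sessions, so
    each request is re-verified, which is the per-transaction trust model."""
    if req.app not in APP_POLICY:
        return False, "unknown application"
    if req.app not in NEED_TO_KNOW.get(req.role, set()):
        # Need-to-know: even a legitimate employee gets no access outside their job.
        return False, f"role {req.role} has no need-to-know for {req.app}"
    policy = APP_POLICY[req.app]
    if policy["mfa"] and not req.mfa_passed:
        return False, "mfa required"
    if policy["managed_device"] and not req.device_managed:
        # Personal devices not secured by IT are refused for sensitive apps.
        return False, "managed device required"
    if not req.device_patched:
        return False, "device fails posture check (unpatched)"
    return True, "allowed"
```

Every denial returns a reason string so the broker can emit a reviewable event rather than a silent refusal.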

By implementing a Zero Trust approach, organisations can better protect their networks, customers and employees from new risks in a remote work environment.