The latest industry news, articles and events
Insider Threat is faced across all industries; however, the Financial Services industry has always been a primary target for financial fraud and data theft. In this highly regulated environment, Financial Services organisations are trusted not only with individuals’ finances, but also keeping customers’ highly sensitive personal and financial data secure. Any legitimate threats can lead to detrimental impacts such as financial losses, data leaks, regulatory fines and damage to brand reputation and customer perception.
The average cost of a data breach within Financial Services is among the highest of any industry, at $5.85 million USD, according to the Veronis 2021 Financial Data Risk Report. The 2020 Ponemon Institute Cost of Insider Threats Report also found that the frequency of Insider Threats has risen by 47% over the last two years, and increased in cost by 31% since 2018. Furthermore, the 2020 Verizon Data Breach Investigation Report states that 30% of all breaches were caused by an Insider Threat. These statistics paint a picture of the internal employee-centric risks present for Financial Services firms.
Insider Threats are defined as malicious individuals that pose a risk from within an organisation. These can come in many guises including current employees, former employees with active system credentials, and contractors who have proprietary information regarding internal protocols, security practices and computer systems. Insider Threats pose a higher risk than external threats as they already have a working knowledge of a company’s data protection methods, security practises, and have organisational trust, allowing them to bypass these more easily.
Financial Services organisations are an attractive target for malicious insiders, with financial fraud the primary motive. However, it should be noted that there are various types of Insider Threat.
It is common for departing employees to leave their employment to either join a competitor or set up on their own, stealing data in the process, and despite any NDAs they may have signed. A study conducted by the Ponemon Institute identified that 59% of employees who either resign or are asked to leave, subsequently take confidential business information with them. The study also found that 65% of respondents admitted to taking proprietary and confidential data that could affect their former company’s business competitiveness and result in a data breach.
Disgruntled employees may come into conflict with their employer and may become an Insider Threat by seeking vengeance and exploiting company data. This could happen in the form of data deletion or corruption and exporting/selling proprietary data such as client data or financial information to a competitor or on the dark web.
Whether it is for financial gain selling company intellectual property or gaining an advantage at a competing organisation, a malicious insider committed to industrial espionage can cause significant damage.
It can be challenging to detect a malicious insider as they are usually highly self-motivated and with their privileges, they can access private information for financial gain, often remaining undetected for a lengthy period. Many malicious insiders have specific network privileges that enable unrestricted access to client or business-sensitive financial information, which they may steal, destroy, or release.
Types of data can include:
Methods of insider data theft
While insider data theft is assumed to always be intentional, this is not always the case. Within the realm of cyber security, an employee behind the data theft may have been exploited by cybercriminals as a weak link within an organisation. For example, hackers may use compromised accounts, credentials, or personal devices of careless victims to get a hold of the information they need. Other reasonable explanations include:
Using a compromised account, cybercriminals can hide in plain sight on a company network and may go unnoticed for weeks, months, or even years. The more access rights the compromised account has, the greater the potential damage.
Whether digitally or in person, there are common behavioural traits that can indicate an active internal threat. These indicators are important for employers to monitor, detect, and halt potential Insider Threats. While behavioural warnings can be an indication of potential issues, digital forensics and analytics are the most efficient ways to detect Insider Threats. They assist in detecting potential Insider Threats, analysing, and alerting when a user behaves suspiciously or outside of their typical behaviour. Here are common insider data theft indicators:
Digital Warning Signs
Behavioural Warning Signs
As Insider Threat becomes more problematic, organisations need to take proactive steps to secure their proprietary data. There are security methods that can be deployed to decrease the risk of valuable data being stolen by an internal actor as well as cybercriminals:
London: 0207 438 2045
Manchester: 0161 797 8123