Sep 21 2021

Why Financial Services Companies Are More Prone to Insider Threats, and What They Can Do About It

To address this growing problem, banks must identify the greatest sources of risk and deploy three vital mitigation tactics.

Insider threats pose a growing problem for enterprises — recent survey data found that 66 percent of organizations say malicious or accidental insider attacks are more likely than their external counterparts.

The issue is especially worrisome for financial services firms. According to S&P Global Market Intelligence, current market conditions have created “significant” challenges for banks that, in turn, put them at greater risk of insider threats. Banks also have more to lose from these threats. “While these challenges are present in any institution, insider threats pose a greater risk for banks,” says Gaurav Deep Singh Johar, member of the Emerging Trends Working Group for the IT trade association ISACA. “There is a big reputational impact, thanks in part to increasing regulatory oversight.”

What are the most common sources of insider threats, and how can financial services companies tackle this problem from the inside out?

Where Are Banks’ Insider Risks Coming From? 

While banks at different stages of IT development and deployment face different threat distributions, three insider risk sources are common:

  • Remote work environments: The shift to remote work has created the ideal environment for insider threats. As S&P Global Market Intelligence notes, the mental stress put on employees now navigating a mix of old and new processes has sparked worry about increased insider threat activity.
  • Issues at the edge: As banks continue the push for more cloud adoption, insider issues at the edge have emerged. Here’s why: When faced with tight deadlines and restrictive IT rules, staff may opt for unapproved apps or services, which may expose banks to greater risk. Consider the malicious software development kit found in 1,200 iOS apps in August 2020, which created security risks across billions of installations worldwide.
  • Mergers and acquisitions: Slow M&A activity combined with a capital cash buildup has created a hot merger market in 2021, but this poses insider threat issues for banks. As firms merge systems and personnel, both gaps and overlaps in existing security frameworks can create potential areas of exposure that may be overlooked as merger processes take priority.

Which Insiders Pose the Greatest Cyberthreat in Financial Services?

When it comes to insiders, front-line staff and customers pose the biggest cybersecurity concerns.

Remote access and cloud-driven services combine to create a perfect storm for these employees. While in most cases staff threats are accidental — they may open infected emails or use nonsecure apps to complete key tasks — the results are no less damaging to reputation and revenue. Customers also pose a potential risk, despite their limited access to critical information, because compromised accounts could lead to unauthorized fund transfers that put banks — and their security processes — in the spotlight.


Although their access to data and their potential reach within the organization differ, Johar makes it clear that these insiders share the same threat vector: “I would say one of the biggest threat vectors is the credential compromise. It could be that it’s not the actual employee, but that their credentials are taken over; it could be customers, or it could be employees. Account takeover is a big risk.”

How Financial Services Companies Should Tackle Insider Threats

Despite best efforts, the access needed by both staff and clients means the possibility of insider threats always exists. Instead of trying to eliminate the threats, banks should focus on tactics that reduce risk and mitigate the impact of these issues when they occur. These include:

  • Regular access reviews: To reduce the risk of insider threats, banks need to find credentials that have been leaked or compromised. To accomplish this, Johar recommends that banks review access every few months to ensure staff have access only to services and solutions they need. Tighter control of employee roles and movements across the network can reduce total risk.
  • Improved key management: Johar also points to the need for better management of data encryption keys. “You need to create a security framework where no single person has all the keys,” he says. “For example, if you’re a sysadmin with privileged access, you can deploy obfuscation tools so that employees can’t see the key and inadvertently compromise data.”
  • Token-based user validation: Validation and authentication are also critical to reducing insider risk. For Johar, this starts with zero-trust identity and access management that constantly checks and validates access. But he also suggests the use of time-based tokens that automatically log users out after a specified period of inactivity to reduce total risk.
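
A sketch of the periodic access review described in the first tactic, added here as an example and not taken from the article or from any bank's tooling. The staff list, role baselines, grant records and the 90-day idle threshold are constructed assumptions.

```python
from datetime import date, timedelta

# Constructed sample data (assumptions, not from the article).
# Services each role is expected to need:
ROLE_BASELINE = {
    "teller": {"core-banking", "crm"},
    "sysadmin": {"core-banking", "key-vault", "siem"},
}
# Current staff and their roles, e.g. exported from HR:
ACTIVE_STAFF = {"alice": "teller", "bob": "sysadmin"}
# Grants as (user, service, last_used); None means never used.
GRANTS = [
    ("alice", "core-banking", date(2021, 9, 10)),
    ("alice", "key-vault", date(2021, 9, 1)),   # outside a teller's baseline
    ("alice", "crm", None),                     # granted but never used
    ("bob", "siem", date(2021, 3, 2)),          # idle for months
    ("bob", "key-vault", date(2021, 9, 15)),
    ("carol", "crm", date(2021, 6, 30)),        # no longer on the staff list
]


def review_access(grants, staff, baseline, today, max_idle_days=90):
    """Return sorted (user, service, reason) findings for a reviewer to act on.

    Reasons, checked in order of severity:
      orphaned-account  the user is not on the current staff list
      outside-role      the service is not in the baseline for the user's role
      unused            never used, or idle longer than max_idle_days
    """
    cutoff = today - timedelta(days=max_idle_days)
    findings = []
    for user, service, last_used in grants:
        role = staff.get(user)
        if role is None:
            findings.append((user, service, "orphaned-account"))
        elif service not in baseline.get(role, set()):
            findings.append((user, service, "outside-role"))
        elif last_used is None or last_used < cutoff:
            findings.append((user, service, "unused"))
    return sorted(findings)


if __name__ == "__main__":
    for user, service, reason in review_access(
        GRANTS, ACTIVE_STAFF, ROLE_BASELINE, today=date(2021, 9, 21)
    ):
        print(f"{user:6} {service:13} {reason}")
```

Each finding is a candidate for revocation, not an automatic one: a reviewer still confirms whether an out-of-role grant reflects a legitimate exception.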

Banks and other financial services companies can’t avoid the risk of insider threats, but they can mitigate the impact by identifying common sources, addressing compromise concerns and improving access management.
