- Remote work environments: The shift to remote work has created the ideal environment for insider threats. As S&P Global Market Intelligence notes, the mental stress put on employees now navigating a mix of old and new processes has sparked worry about increased insider threat activity.
- Issues at the edge: As banks continue the push for more cloud adoption, insider issues at the edge have emerged. Here’s why: When faced with tight deadlines and restrictive IT rules, staff may opt for unapproved apps or services, which may expose banks to greater risk. Consider the malicious software development kit found in 1,200 iOS apps in August 2020, which created security risks across billions of installations worldwide.
- Mergers and acquisitions: Slow M&A activity combined with a capital cash buildup has created a hot merger market in 2021, but this poses insider threat issues for banks. As firms merge systems and personnel, both gaps and overlaps in existing security frameworks can create potential areas of exposure that may be overlooked as merger processes take priority.
Which Insiders Pose the Greatest Cyberthreat in Financial Services?
When it comes to insiders, front-line staff and customers pose the biggest cybersecurity concerns.
Remote access and cloud-driven services combine to create a perfect storm for these employees. While in most cases staff threats are accidental — they may open infected emails or use nonsecure apps to complete key tasks — the results are no less damaging to reputation and revenue. Customers also pose a potential risk, despite their limited access to critical information, because compromised accounts could lead to unauthorized fund transfers that put banks — and their security processes — in the spotlight.
Although their access to data and their potential reach within the organization differ, Johar makes it clear that these insiders share the same threat vector: “I would say one of the biggest threat vectors is the credential compromise. It could be that it’s not the actual employee, but that their credentials are taken over; it could be customers, or it could be employees. Account takeover is a big risk.”
How Financial Services Companies Should Tackle Insider Threats
Despite best efforts, the access needed by both staff and clients means the possibility of insider threats always exists. Instead of trying to eliminate the threats, banks should focus on tactics that reduce risk and mitigate the impact of these issues when they occur. These include:
- Regular access reviews: To reduce the risk of insider threats, banks need to find credentials that have been leaked or compromised. To accomplish this, Johar recommends that banks review access every few months to ensure staff have access only to services and solutions they need. Tighter control of employee roles and movements across the network can reduce total risk.
- Improved key management: Johar also points to the need for better management of data encryption keys. “You need to create a security framework where no single person has all the keys,” he says. “For example, if you’re a sysadmin with privileged access, you can deploy obfuscation tools so that employees can’t see the key and inadvertently compromise data.”
- Token-based user validation: Validation and authentication are also critical to reducing insider risk. For Johar, this starts with zero-trust identity and access management that constantly checks and validates access. But he also suggests the use of time-based tokens that automatically log users out after a specified period of inactivity to reduce total risk.
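
The inactivity timeout from the last item can be sketched as follows. This is an added example, not code from the article or from Johar. The 15-minute limit, the HMAC-signed token format, the demo key and the function names are all assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

IDLE_LIMIT_SECONDS = 15 * 60  # assumed policy value, not taken from the article
SECRET_KEY = b"constructed-demo-key"  # constructed sample; real keys belong in a KMS/HSM


def _sign(payload: bytes) -> str:
    return hmac.new(SECRET_KEY, payload, hashlib.sha256).hexdigest()


def issue_token(user, now=None):
    """Return a signed token that records the user's last activity time."""
    now = time.time() if now is None else now
    payload = json.dumps({"user": user, "last_seen": now}, sort_keys=True).encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload)


def validate_and_refresh(token, now=None):
    """Validate a token on every request and slide the idle window.

    Returns (user, refreshed_token) when the token is valid, or (None, None)
    when it is malformed, tampered with, or idle beyond the limit.
    """
    now = time.time() if now is None else now
    try:
        encoded, signature = token.rsplit(".", 1)
        payload = base64.urlsafe_b64decode(encoded.encode())
    except ValueError:  # missing separator or bad base64
        return None, None
    # Constant-time comparison; the payload is only parsed after this passes.
    if not hmac.compare_digest(_sign(payload).encode(), signature.encode()):
        return None, None
    claims = json.loads(payload)
    idle = now - claims["last_seen"]
    if idle < 0 or idle > IDLE_LIMIT_SECONDS:
        return None, None  # idle too long: the user must re-authenticate
    # Any validated request counts as activity and resets the idle clock.
    return claims["user"], issue_token(claims["user"], now)
```

A superseded token stays valid until its own idle window closes, so a deployment that needs immediate logout or revocation would also track issued tokens server-side.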
Banks and other financial services companies can’t avoid the risk of insider threats, but they can mitigate the impact by identifying common sources, addressing compromise concerns and improving access management.