The latest report from PwC, surveying 1,330 financial sector employees across 79 countries, found that about 38 percent of incidents were caused by an internal source. IT staff rank the highest as a potential internal threat because they have the means and opportunity to commit a crime.
Recent security breaches have highlighted the importance of the human factor in facilitating hacking attacks that are fully or partially caused by insiders. To understand insider threats, it is important to recognise the complexity of user relationships within a financial organisation. Quite often, senior people who have access to sensitive data are difficult to challenge because of their high professional stature. Or it could be an average worker who has access to information that they are not supposed to view.
The steep rise in data theft perpetrated by employees raises important concerns over how organisations are tackling data security issues related to misuse of sensitive data by employees. As organisations open their networks to multiple remote users and devices and struggle with an explosion in identity- and access-related data, it's becoming increasingly hard to track and manage access to sensitive information.
These situations create significant risks for organisations, as poor control of access to sensitive data can lead to costly data breaches and loss of intellectual property. To overcome these challenges, financial organisations need 'intelligent' systems that can analyse multiple risk factors and detect suspicious behaviour, ideally before it causes significant damage to their business.
Our own research into the issue showed that nearly 1 in 5 U.S. workers aged between 18 and 34 would take confidential company information with them if they were leaving the organisation. It is even more alarming that nearly 1 in 6 of the surveyed employees admitted that they have been able to use old work usernames and passwords to access a former employer's computing systems. While these are U.S. figures, it's very likely that these attitudes are also replicated in Europe.
To tackle the risk of insider theft, financial organisations need more automated ways to monitor and analyse access risk data in real time. This will enable banks, for example, to quickly identify misuse of access privileges and take appropriate action to mitigate the potential damage to their organisation. With real-time access insight, organisations will be able to pinpoint not only existing security vulnerabilities but also potential risk areas, and identify the actual causes of these risks. This will result in improved control over how sensitive data is being used and shared by employees, and a better understanding of access risk.
Blog updated: 27 May 2015 16:51:14