28 November 2015


Retired Member


It’s time to wake up to the insider threat

08 May 2014

The Bank of England recently announced plans to hire ethical hackers to carry out penetration tests on major banks and financial institutions. This is a positive step in the right direction to expose security vulnerabilities. However, quite often the real roots of data breaches lie within the organisation, in poor internal security policies and a lack of preventive mechanisms to safeguard against insider threats.

Banks’ infrastructures are constantly under attack, and that’s not going to change. It’s important to recognise that threats can often stem from insider hacktivists or a weak security culture in the back office, which leaves sensitive data and apps open to abuse or theft.

Recent breaches at Korea Credit Bureau (KCB), Target and Morrisons have highlighted how the insider threat can become a serious breach, causing both financial and reputational damage. Verizon’s recently published 2014 Data Breach Investigations Report (DBIR) really drives this home, with “insider and privilege misuse” cited as one of the nine patterns by which all breaches can be described.

According to the report, within this category, 88 percent of security incidents were highlighted as privilege abuse, in other words an employee or outsider taking advantage of assigned access privileges. What’s more, in over 70 percent of intellectual property theft cases, insiders stole information within 30 days of announcing their resignation. So it’s not just current employees who pose a threat.

So how can we make sure that by the time the 2015 DBIR is published, these figures are significantly lower?

The key here is insight: real-time visibility into what is being accessed, at what time, and by whom, to ensure that the right people have the right privileges. There’s more sensitive data online than ever before, yet so many organisations still have limited visibility into what is going on. The only way to get insight into where and how privilege abuse may be happening is by applying analytics to the big data of identity and access. By analysing user access rights and the associated risk on a continuous basis, financial organisations can identify suspicious behaviour patterns to expose threats of inappropriate access.

Looking at the bigger security picture, the majority of serious data breaches use stolen or misused legitimate access privileges. Banks need strong, reliable systems in place to quickly identify any security vulnerabilities and take appropriate actions to prevent a breach and avoid severe long-term damage. 

Tags: Security, Risk & regulation
