Financial services: Reduce the cyber risk from within

Financial services organisations are at an inherently greater risk of cyber attacks due to the sensitive nature of the data they store and the monetary motivations of cybercriminals, and they are keenly aware of the damage that can result from being a victim of a data breach.

In 2016, the financial services sector was the most frequently targeted industry for cyber attacks, seeing a 29 per cent increase from the previous year. In light of these attacks, and in line with increased government regulations, financial services firms are breathing new life into their cyber security measures. A recent study found that 86 per cent of FS companies intend to increase their cybersecurity spend this year, up from 60 per cent the year before. There is no denying that this increased adoption of financial network security is a step in the right direction. Any re-evaluation of procedure to keep malicious actors from gaining access to the network and its data will always be beneficial to an organisation.

However, as financial services firms continue to harden their evolving network perimeters and focus on keeping bad actors out, another attack vector can often be overlooked: those who already have unrestricted access to the firm’s network.

The malicious, or careless, insider:

Seventy-four per cent of respondents to a recent EY survey of global executives and IT leaders say that careless employees are the most likely source of a cyberattack. And while 56 per cent of respondents named criminal syndicates as the main source of cyber-attacks, 52 per cent also identified malicious employees as a significant risk. With IT professionals identifying insider threats as nearly as high a risk as those presented by professional cybercrime syndicates, security measures focused on the perimeter of the ecosystem are no longer adequate.

Inadvertent insider threats are often the result of a general lack of security knowledge and negligence: an employee falling victim to a phishing email or a social engineering attack is the most common example. These careless insider attacks can also be a result of employees storing or sending confidential data on insecure applications or hardware that IT is not aware of, something that is referred to as Shadow IT. For example, if an employee sends a data set to a personal email address, or to a cloud storage site like Box, to continue working from home or over the weekend, that data is at higher risk because it is no longer protected within the confines of the organisation’s secured network.

To further complicate the matter, malicious attacks can also be inflicted by disgruntled employees or ex-employees looking to damage the company’s reputation, looking for monetary gain by selling data on the dark web, or working as an insider with criminals or even a corporate rival. Regardless of the motivation of the attack, what’s most important is detecting when data is being accessed and moved inappropriately, and stopping it. 

Reducing the risks posed by employees:

Protecting an organisation has become an increasingly difficult task because more and more employees are working remotely, and data is moving more freely into and across the cloud than ever before. Approximately 87 per cent of banking institutions employ a hybrid cloud environment and, coupled with this, data visibility drops off significantly once it moves into a cloud environment. In order to mitigate insider threats, it is becoming increasingly important to know where data is stored, what data is the most valuable, who has access to it, and whether that access is business critical.

After reviewing their data, many organisations choose to adopt the principle of least privilege or zero trust policies, which give employees access to the minimum number of resources needed in order to do their jobs, while promoting in-depth monitoring of data movement across the network. However, in order to notice discrepancies or unusual data movement, this approach requires the monitoring of all traffic, not just that which crosses the perimeter into the network. And since privileged users have access to the most valuable data, security best practices dictate that these accounts are monitored more closely.

For this same reason, network segmentation is becoming an increasingly important tool for mitigating insider-based threats. In the past, once a user had access to the network there was little an organisation could do to limit their lateral movement or prevent their access to network resources. That meant that one breach, or worse, one motivated malicious employee with privilege, had free rein over the entire network. However, with new, advanced tools like internal segmentation firewalls, inspection and monitoring can happen deep within the network, access policies can be established, reviewed, and enforced, and data can be isolated and secured separately if required. As a result, a breach occurring at the perimeter is not able to infect the entire network, and one ill-motivated employee cannot browse through and steal critical digital resources.

In addition to adopting tools and strategies to promote in-depth internal network security, financial services firms should look to ensure all employees are properly trained in cybersecurity best practices and company security protocols. Research shows that 40 per cent of employees who use cloud-based apps have never been trained to securely move and store private company data, while another 39 per cent have not had the risk of downloading cloud apps without IT’s knowledge explained to them. Ensuring that employees are aware of the risks of phishing attacks or moving and storing data off network can help cut down on those inadvertent breaches caused by insiders that can have devastating financial or public relations ramifications.

By establishing clear visibility into the cloud, monitoring data movement, especially between secured network zones, and keeping employees up to speed with the latest security protocols and practices, financial services firms can reduce the cyber risk resulting from an insider’s actions, while keeping the personal data of their clients secure.


Paul Irvine

Director, Major Accounts UK&I

Fortinet


This post is from a series of posts in the group:

Information Security
