Data breaches tend to spotlight the malevolence of hackers and hacktivists, but some of the most serious vulnerabilities continue to lie closer to home, in how an organisation monitors and manages internal risk. Insider breaches are often perceived as exceptions rather than a common threat, but should financial service providers reconsider this approach?
A recent Harris survey commissioned by my company in the USA makes for anxious reading and should be a wake-up call for those organisations that think basic internal security measures will suffice to protect them from insider threats. The findings revealed that nearly 1 in 5 (19%) of U.S. office workers aged between 18 and 34 would take company information such as customer data, price lists or product plans with them if they knew they were about to be fired. More alarming still, 16% (nearly 1 in 6) of the surveyed employees admitted that they have been able to use old work usernames and passwords to access a former employer's computing systems.
These are U.S. findings but what’s the likelihood that such attitudes and behaviours aren’t present here in Europe despite the efforts of C-level leaders with responsibility for risk mitigation?
Many organisations lack sufficient understanding of who is accessing sensitive data, what information is being accessed, when and how. And when you consider how many employees flow through a large organisation, you can start to get a more accurate picture of the potential security risk. Sharing critical business information with partners, customers and other parties further amplifies this risk.
And yet financial service providers don’t seem to be aware of the real size of this threat. According to a recent study by Capgemini, only 6% of financial service organisations consider IT security a top priority, whilst one third of those surveyed have no plans to enhance their IT security systems.
One of the key reasons for this lack of understanding of access risk is that companies are typically overwhelmed by the sheer volume of computing activity occurring under their roof. As employees are hired, promoted, transferred between departments or terminated, their access privileges need to change as quickly as these changes occur. And that covers employees alone, not every user in the business environment. Add cloud applications and mobile devices and you will begin to understand why organisations are finding it so difficult to manage access risk.
With the pressure from regulators to streamline compliance and internal security practices, organisations need to rethink the role of IT security in mitigating business risk and enabling them to meet their compliance mandates. What is required is a new approach to access risk management that focuses on real-time understanding of access risk. By monitoring, analysing and acting upon access risk factors in near real time, financial organisations will be able to improve visibility into where the greatest access vulnerabilities lie and address these issues before they cause any damage to the organisation. This, coupled with the automated enforcement of internal policies and compliance practices, will help reduce business risk and ensure insider threats are identified and acted upon as soon as they occur.
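As an added example (not from the original article), the following Python sketch shows one of the checks such near-real-time monitoring would run: joining authentication events against an HR roster to flag a leaver's credentials still working after termination, or accounts HR has no record of. The roster, log lines, field layout and function names are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed HR roster: the status the identity system should be enforcing.
# A real deployment would pull this from the HR system of record.
HR_ROSTER = {
    "alice": {"status": "active", "terminated": None},
    "bob": {"status": "terminated", "terminated": datetime(2024, 3, 1)},
    "carol": {"status": "active", "terminated": None},
}

# Constructed authentication log: timestamp, account, outcome, resource.
ACCESS_LOG = """\
2024-03-04T09:12:05 alice success crm
2024-03-04T09:15:41 bob success fileshare
2024-03-04T09:20:12 dave success crm
2024-02-27T17:40:00 bob success crm
2024-03-05T22:03:19 bob failure vpn
"""


def parse_log(text):
    """Turn one whitespace-separated log line per event into dicts."""
    events = []
    for line in text.splitlines():
        ts, user, outcome, resource = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "outcome": outcome, "resource": resource})
    return events


def access_risk_findings(events, roster, grace=timedelta(0)):
    """Return one finding per event the roster says should not have happened:
    an account HR has no record of, or a leaver's credentials used (successfully
    or not) after termination plus an optional deprovisioning grace window."""
    findings = []
    for ev in events:
        record = roster.get(ev["user"])
        if record is None:
            reason = "unknown account"
        elif record["terminated"] and ev["ts"] > record["terminated"] + grace:
            reason = "post-termination access"
        else:
            continue  # active employee, or a leaver acting before they left
        findings.append({"user": ev["user"], "ts": ev["ts"], "outcome": ev["outcome"],
                         "resource": ev["resource"], "reason": reason})
    return findings


if __name__ == "__main__":
    for f in access_risk_findings(parse_log(ACCESS_LOG), HR_ROSTER):
        print(f"{f['ts'].isoformat()} {f['user']:<6} {f['resource']:<10} {f['reason']}")
```

The same join, run against a live HR feed rather than a static dict, is what turns a quarterly access review into the continuous detection the article argues for.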