Steve Armstrong, Regional Director UK, Ireland, and South Africa at Bitglass, identifies how to spot insiders who might pose a serious cybersecurity risk, and highlights the steps financial institutions can take to minimise said risk.

“It’s never the enemy without that brings you down. It’s always the enemy within.”  Sherrilyn Kenyon

It’s fair to say that the banking industry has weathered many storms these past few years; unfortunately, calmer waters won’t be on the horizon any time soon. A major concern for banks and financial institutions is that they are being targeted by cyber criminals who are seeking to steal customer information and slow down online banking operations. In April this year, the Financial Times reported that seven of the UK’s biggest banks, including Santander, Royal Bank of Scotland, and Tesco Bank, were forced either to slow operations or shut down entire systems due to cyberattacks.

In light of the above, it’s no surprise that a global study of 400 bank executives conducted by the Economist found that 71% of execs are focusing their digital investments on cybersecurity. A separate study by Crowd Research Partners identified “insiders,” or financial institutions’ own employees, as being a significant threat. In fact, 53% of those polled confirmed that they had experienced an insider attack in the last twelve months; additionally, 27% said that insider attacks are becoming a more common occurrence.

These statistics are indicative of the growing threat that insiders pose to data security. Unfortunately, organisations typically struggle to detect anomalous or careless employee behaviours.  As such, many must revise their approaches to data protection. However, before deploying a new security solution, it is important to understand four of the most common insider threats faced by businesses today.

1) Disgruntled workers

Often described as malicious insiders, rogue employees are individuals that intentionally set out to steal company data; this may be done out of a desire for vengeance, profit, or even a competitor’s benefit. A high profile example can be found with the 2015 case of a Mercedes engineer that stole highly sensitive data in order to give it to his new employer, Ferrari.

Unfortunately, insiders with malicious intent have an upper hand when it comes to data theft – they have legitimate credentials that will bypass the majority of their organisations’ security features. If such an individual holds a senior or administrative role, she or he may even have unfettered access to an organisation’s most sensitive data.

2) The third-party employee

Third parties are frequently overlooked when organisations are planning their security strategies. These insiders often act as fully integrated members of an organisation,even when working from distant locations. Some may also have in-depth familiarity with internal processes and controls, making them just as knowledgeable about security procedures as an internal employee.

3) Unwilling accomplices

Compromised credentials are a significant danger for the enterprise.With usernames and passwords in hand, outside parties can enter corporate networks through legitimate means and evade security systems. An example of this can be found with the global accountancy firm Deloitte. Recently, hackers compromised the organisation’s global email server using a stolen admin account, granting them unfettered access throughout the entire system for months before their activities were discovered.

As this example shows, breaches involving credential compromise can take a great deal of time to identify and remediate. From an IT perspective, it can appear as though account hijackers are simply regular users going about their normal job duties, making it difficult to detect the misuse of corporate credentials.

4) The careless worker 

Whiledisgruntled workers clearly pose a serious threat to organisational security, a less obvious threat rests with happy, but careless employees. These individuals may inadvertently compromise security by using unsecured public Wi-Fi, losing organisational credentials, clicking on suspicious email links, sharing sensitive information with unauthorised parties, or being followed into the office through an access-controlled door. Each of these mishaps offers criminals an opportunity to breach the enterprise.

What’s the answer?

The unpredictable nature of insider threats means that a proactive, multi-faceted solution is the best form of defence. Below are four different approaches to security which, when combined, create robust protections around cloud-based environments.

Automation: Reactive tools that rely upon humans to manually analyse threats are incapable of protecting data in the high-speed era of the cloud. As such, automated security solutions are vital for businesses today. These kinds of tools employ machine learning so that they can identify malicious or suspicious behaviours as soon as they take place; for example, when a user suddenly downloads an unusually large amount of data or accesses sensitive information outside of normal working hours. These tools use an analytical, real-time approach in order to uncover threatening behaviour and take corrective actions as needed.

Identity and access management (IAM): To defend against insider threats, it is imperative that organisations verify users’ identities and grant data access to appropriate parties only. Relying upon basic passwords is no longer an adequate strategy for protecting corporate information. Instead, companies need to leverage multi-factor authentication (MFA) and require a second form of verification – like an SMS token sent via email or text message. Other helpful capabilities include contextual access control, which governs data access by factors like job function and geographic location, as well as session management, which automatically logs inactive users out of corporate applications in order to prevent account hijacking.

Data loss prevention (DLP): Cloud DLP is a dynamic tool that securely enables employees to work wherever they want and whenever they want – from the devices of their choosing. A typical cloud DLP offering should include watermarking (tracking), file encryption, redaction, and other features that help ensure that sensitive data never gets into the wrong hands.

Training: While technology can be a powerful way to improve data security, another effective tool is far simpler. Regular employee trainings can raise awareness of security best practices and help keep data protection top of mind for workers. By consistently discussing the importance of security and the consequences of failing to uphold security protocols, the threats of data theft and data leakage can be minimised.

Without maintaining a robust security posture, banks are susceptible to the insider threats detailed above. However, to achieve such a security posture, organisations must first understand these threats and the dangers they represent. Once this knowledge is obtained, banks can select security solutions capable of defending data in today’s IT landscape, allowing them to confidently and securely take advantage of the cloud.