The Benefits of Protecting Against & Detecting Insider Threats in Finance
Insider threats to enterprise data have more than one look. A simple mistype by an employee with privileged access can be just as damaging as a compromised employee looking to make a quick buck. One thing that’s always the same, however, is the amount of damage they inflict on a business, especially in the financial services sector. Financial institutions face the second highest breach costs among targeted industries. And what’s worse, between 2018 and 2020, insider threats within the finance sector rose 20.3%. It’s a worrying trend for an industry handling the most privileged type of data, and it makes detecting these kinds of threats a top priority for financial institutions. In doing so, organizations do more than protect themselves against internal data breaches. Detecting insider threats in finance can also improve productivity.
Protecting Against Insider Threats in Finance
Though on the rise, insider threats account for a much smaller percentage of data breaches than cyberattacks conducted by external threat actors. Still, they pose a grave threat, and the recent attack on the NY Credit Union serves as a reminder and example. After being relieved of her position, a disgruntled employee used her access to delete troves of data along with the credit union’s anti-ransomware protection software. This data breach created a huge inconvenience for customers, and because software in the credit union’s security stack was deleted, it also put the credit union at greater risk of another attack.
While the situation was quickly remediated and the ex-employee identified and charged, the incident served as a stark reminder of the importance of protecting against and detecting insider threats in finance.
This particular case shone a light on ways to protect against insider threats. The former employee at the center of the attack accessed and deleted data only after being terminated, but she was only able to do so because her access to company servers was never revoked.
Immediately deprovisioning access upon an employee’s exit from the company is paramount to protecting an organization from insider threats that stem from staff who are no longer part of the organization.
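One way to check that deprovisioning actually happened, as an added example that is not from the original article or from any vendor's product: the audit below cross-checks an HR termination list against a directory export and an authentication log, and flags access that outlived employment. The record layouts, field names and sample data are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data; field names are assumptions, not a real HR or directory schema.
TERMINATIONS = {  # username -> termination time (UTC)
    "jdoe": datetime(2024, 3, 1, 17, 0),
    "asmith": datetime(2024, 3, 4, 12, 0),
}
ACCOUNTS = [  # directory export
    {"user": "jdoe", "enabled": True, "groups": ["file-server-admins"]},
    {"user": "asmith", "enabled": False, "groups": []},
    {"user": "mlee", "enabled": True, "groups": ["loan-processing"]},
]
LOGINS = [  # authentication log: (username, time, host)
    ("jdoe", datetime(2024, 3, 1, 9, 2), "fs01"),
    ("jdoe", datetime(2024, 3, 3, 22, 41), "fs01"),
    ("asmith", datetime(2024, 3, 4, 12, 30), "vpn"),
    ("mlee", datetime(2024, 3, 5, 8, 15), "fs01"),
]

def audit_offboarding(terminations, accounts, logins, now, grace=timedelta(0)):
    """Return findings for terminated users whose access outlived their employment."""
    findings = []
    for acct in accounts:
        end = terminations.get(acct["user"])
        if end is None or now < end + grace:
            continue  # still employed, or inside the allowed deprovisioning window
        if acct["enabled"]:
            findings.append(("ACCOUNT_STILL_ENABLED", acct["user"], None))
        if acct["groups"]:
            findings.append(("GROUPS_NOT_REMOVED", acct["user"], tuple(acct["groups"])))
    for user, when, host in logins:
        end = terminations.get(user)
        if end is not None and when > end + grace:
            # A successful login after termination means revocation came too late or never.
            findings.append(("LOGIN_AFTER_TERMINATION", user, (when.isoformat(), host)))
    return findings

if __name__ == "__main__":
    for finding in audit_offboarding(TERMINATIONS, ACCOUNTS, LOGINS, datetime(2024, 3, 5, 9, 0)):
        print(finding)
```

The `grace` parameter models an allowed deprovisioning window; leaving it at zero matches the article's recommendation of immediate revocation.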
Continued access after the employee’s tenure wasn’t the only problem in this case either. The amount and types of data the employee had access to were cause for concern. Included in the deleted data were mortgage loan applications, anti-ransomware software and “other sensitive information”. Had the data been microsegmented, or separated into different access categories based on the data type, there’s a possibility that less data would have been lost.
Microsegmenting data and using role-based access to data helps limit data vulnerabilities and lowers the chances of data being lost to an insider threat. If an insider threat appears in one department and only has access to that department’s data, then the rest of the company data would be safe from the threat.
Though the case of the NY Credit Union highlights how data can be protected against insider threats, it doesn’t address detecting such threats.
Detecting insider threats in finance and avoiding them altogether is the best way to protect against internally caused data breaches. And looking at a story from yet another credit union, we can see how detecting insider threats comes with other benefits for the overall organization.
Detecting Insider Threats in Finance
After watching the NY Credit Union story play out in the news, a small regional midwestern credit union decided it was time to more seriously invest in insider threat protection and detection. This led to a complete overhaul of their internal security strategy. They began operating a zero trust strategy and implemented new software that aided their beefed-up insider threat approach: user and entity behavior monitoring.
Built into this monitoring software were safeguards to protect against common insider threat actions. File transfer monitoring and email monitoring helped IT track when company data was being downloaded and where it was being sent. Message and app tracking kept administrators abreast of employee sentiment.
Tracking these behaviors helped IT stay clued into different types of insider threats. Files were monitored for access in case a financially motivated insider or a disgruntled employee was attempting to exfiltrate data. Email tracking watched for accidental insiders vulnerable to a phishing scam and server access tracking looked for any suspicious login attempts from possibly compromised employees. Monitoring these different types of actions assisted in detecting the different types of insider threats their organization faced.
With data loss protection in mind, the regional credit union looked at the user behavior monitoring suite as cybersecurity software more than an employee productivity agent, but soon saw its ability to do both.
Included in their monitoring suite was OCR search functionality. Using the tool allowed administrators to quickly search through hours of employee activity for key phrases or number sequences, like company banking information, appearing on employee screens regardless of the format. The credit union made use of this feature in case employees were taking screenshots of sensitive customer data, but during a random search discovered a workflow slowing their employees down.
During one of their searches, administrators found something else: a bad case of work duplication. While the payments department was conducting data entry in order to send information to the processing department, the processors were having to tediously reenter the same information in order to initiate processing.
And that wasn’t the only instance of work duplication discovered. Administrators found examples of repeated tasks in almost every department, and immediately announced their findings to managers.
Soon after, as they did with their security strategy, the bank revamped their work processes.
Using the monitoring agent in this way allowed the bank to tighten their security practices as well as streamline their work processes, which assisted in detecting insider threats while increasing their productivity.
Detecting insider threats in finance is not only necessary to combat the current cyber threat trends happening in the sector; doing so also comes with added, often unrealized, benefits for the company on a wider scale. User and entity behavior monitoring helps protect companies operating within financial services against insider threats, but it also provides deeper insights into how company processes are working, or not working. This comes to the benefit of not just the IT department’s security efforts but, more importantly, the overall revenue of the organization.