The Insider Threat within the Financial Sector: by Dr. Guy Bunker, SVP Products Clearswift
“Recently, I spoke on a panel discussion at Information Security Financial Sector Conference 2014, discussing some of the most pressing information security issues within the financial sector. With this industry becoming one of the most frequently attacked, the time is now for financial institutions to consider security more strongly than ever before.
The reality is that there are hundreds of attacks per day and very, very few are ever successful. On the surface, this is good – it demonstrates a good level of security competence – but underneath, there is no process in place to share these lessons with other organisations. For many, it would be useful to know where breaches are coming from and what attackers were attempting to infiltrate. In general, an organisation would be happy to share information on attacks; however, they would also wish to remain anonymous and share purely for the greater good, something which, in essence, the law is happy with, but becomes clouded when you consider the legal requirement to announce a data breach as detailed in much legislation. This shows a clear conflict of interests in this area and one that needs to be addressed for the sector to progress in the way that threats are handled.
Overwhelmingly, one of the key topics, and one of the most important areas to raise awareness of, is the internal threat within the financial sector, or as we detail, ‘The Enemy Within’. The Financial Services sector is where the term ‘insider threat’ was first coined – in reference to insider trading – but it is becoming more apparent that risks inside the organisation extend far beyond this, meaning new countermeasures need to be taken. While the commonly used segregated email method works well for front office / back office, it is important to provide these organisations with better functionality.
Critical information takes many forms. It’s not just credit card information, or customer details, but it can be defined in many different ways – all of which need to be protected. This is where adaptive solutions, which work according to your own policies, come into play. Security teams can define their own critical information and data loss prevention measures, thereby stopping this information leaving the organisation erroneously.
But organisations need to keep in mind that whatever security solution they implement, it can’t interfere with people’s workflows; otherwise they risk employees using insecure workarounds. It seems, no matter how many times regulations change, critical information will always be critical information, and there will be an increasing amount of it. Organisations need to see how it flows throughout the business and track who is accessing it and when. In doing so, it is possible to figure out where the biggest risks are and how the most cost-effective solutions can be deployed to minimise any risk of a breach from the inside.”