Because financial services organizations are at an inherently greater risk due to the sensitive nature of the data they store, and the often-monetary motivations of cybercriminals, they are keenly aware of the damage that can result from a data breach.
Data shows that the financial services sector was the most frequently targeted industry in 2016, with attacks increasing 29 percent year-over-year. In light of these attacks, along with increased government regulations, financial services firms are ramping up their security measures. In fact, a recent study shows that 86 percent of financial services firms say they intend to increase time and spend on cybersecurity this year, up from 60 percent last year.
There’s no denying that the increased adoption of financial network security is a positive step forward. Cybersecurity initiatives are focused on keeping malicious actors from gaining access to the network and its data, especially as international hacking groups and hacktivists gain traction. And there are few places where such initiatives are more critical than in the financial sector.
However, as financial services firms continue to harden their evolving network perimeters and focus on keeping bad actors out, they tend to overlook another key attack vector: those people who already have unrestricted access to the network.
Seventy-four percent of respondents to a recent survey of global executives and IT leaders say that careless employees are the most likely source of a cyberattack. And while 56 percent of respondents named criminal syndicates as the main source of cyberattacks, 52 percent also identified malicious employees as a significant risk. Clearly, with IT professionals rating insider threats nearly as high a risk as professional cybercrime syndicates, perimeter security measures are not enough.
Inadvertent insider threats are often the result of a general lack of security knowledge and neglect, such as employees falling victim to phishing and social engineering attacks. However, they can also come from employees storing or sending sensitive data on insecure applications that IT is not aware of, something that is referred to as Shadow IT. For example, if an employee sends a data set to a personal email address or cloud storage site like Dropbox in order to work on it from home, that data is at higher risk because it is no longer protected within the confines of the secured network.
Malicious attacks, by contrast, are often initiated by disgruntled employees looking to do damage, by those seeking monetary gain by selling data on the dark web or working as an insider with professional criminals, or by those who are planning to start or move to a competing business. Regardless of the motivation of the attack, what’s most important is detecting when data is being accessed and moved inappropriately, and stopping it.
Protecting an organization has become an increasingly difficult task because more and more employees work remotely, and data is moving freely into and across the cloud. Approximately 87 percent of banking institutions employ a hybrid cloud environment, and unfortunately, data visibility drops off significantly once data moves into a cloud environment. To mitigate insider threats, it’s becoming increasingly important to know where data is stored, which data is the most valuable, who has access to it, and whether that access is business critical.
Many organizations have adopted the principle of least privilege or zero trust policies, which give employees access to the minimum number of resources needed to do their jobs, while promoting in-depth monitoring of data movement across the network. However, in order to notice discrepancies or unusual data movement, this approach requires the monitoring of all traffic, not just that which crosses the perimeter into the network. And since privileged users have access to the most valuable data, security best practices dictate that these accounts are monitored more closely.
For this same reason, network segmentation is becoming an increasingly important tool for mitigating insider-based threats. In the past, once a user had access to the network there was little an organization could do to limit their lateral movement or prevent their access to network resources, which meant that one breach, or worse, one motivated malicious employee with privileges had free rein over the network. However, with new, advanced tools like internal segmentation firewalls, inspection and monitoring can happen deep within the network, access policies can be established and enforced, and data can be isolated and secured separately. As a result, a perimeter breach cannot spread across the entire network, and one motivated employee cannot browse through and steal critical digital resources.
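The three controls described above (flagging data sent to unsanctioned personal storage, watching internal traffic rather than only perimeter traffic with closer scrutiny of privileged accounts, and enforcing zone-to-zone access policies as an internal segmentation firewall would) can be illustrated with a small policy checker run over internal flow records. The code below is an added example, not part of the original article and not any vendor's product; the zone map, the allowlist, the unsanctioned-destination list, the privileged-account list, the egress threshold and the log format are all constructed assumptions.

```python
"""Added example: check constructed internal flow logs against a segmentation
allowlist and flag shadow-IT egress and bulk data movement. All names, subnets,
thresholds and the log format below are assumptions for illustration."""
from collections import defaultdict
from dataclasses import dataclass

# Constructed zone map: subnet prefix -> internal zone (hypothetical network).
ZONES = {
    "10.1.": "workstations",
    "10.2.": "card-data",
    "10.3.": "trading-db",
    "10.9.": "jump-hosts",
}

# Constructed segmentation policy: allowed (source zone, destination zone) pairs.
# Anything not listed is treated as denied, the way an internal segmentation
# firewall allowlist would; workstations must reach sensitive zones via jump hosts.
ALLOWED = {
    ("workstations", "workstations"),
    ("workstations", "jump-hosts"),
    ("jump-hosts", "card-data"),
    ("jump-hosts", "trading-db"),
}

# Constructed list of unsanctioned external destinations (shadow IT).
UNSANCTIONED = {"dropbox.com", "personal-mail.example"}

# Constructed set of privileged accounts that warrant closer monitoring.
PRIVILEGED = {"dba_admin", "root"}

# Assumed per-user outbound volume threshold for one log window (50 MiB).
EGRESS_THRESHOLD = 50 * 1024 * 1024


@dataclass
class Flow:
    ts: str
    user: str
    src: str
    dst: str
    bytes_out: int


def zone_of(addr):
    """Map an internal IP to its zone; anything unmapped (including hostnames) is external."""
    for prefix, zone in ZONES.items():
        if addr.startswith(prefix):
            return zone
    return "external"


def parse_flow(line):
    """Constructed format: '<timestamp> <user> <src> <dst> <bytes_out>'."""
    ts, user, src, dst, size = line.split()
    return Flow(ts, user, src, dst, int(size))


def check_flows(lines):
    """Return a list of findings as tuples; empty list means no policy issues."""
    findings = []
    egress_by_user = defaultdict(int)
    for line in lines:
        f = parse_flow(line)
        src_zone, dst_zone = zone_of(f.src), zone_of(f.dst)
        if dst_zone == "external":
            # Traffic leaving the network: flag unsanctioned destinations and
            # accumulate volume so bulk movement can be reported per user.
            if f.dst in UNSANCTIONED:
                findings.append(("shadow-it-egress", f.user, f.dst))
            egress_by_user[f.user] += f.bytes_out
        elif (src_zone, dst_zone) not in ALLOWED:
            # Internal zone crossing not permitted by policy; privileged
            # accounts are escalated because they can reach the most valuable data.
            severity = "high" if f.user in PRIVILEGED else "medium"
            findings.append(("segmentation-violation", f.user,
                             f"{src_zone}->{dst_zone}", severity))
    for user, total in egress_by_user.items():
        if total > EGRESS_THRESHOLD:
            findings.append(("bulk-egress", user, total))
    return findings


# Constructed sample log for a single window (not real traffic).
SAMPLE_LOG = [
    "2017-03-01T09:00:01 alice 10.1.4.20 10.9.0.5 2048",          # workstation -> jump host: allowed
    "2017-03-01T09:00:05 alice 10.9.0.5 10.2.7.10 4096",          # jump host -> card-data: allowed
    "2017-03-01T09:02:11 bob 10.1.4.31 10.2.7.10 8192",           # workstation -> card-data directly: violation
    "2017-03-01T09:05:40 dba_admin 10.3.1.2 10.2.7.10 1024",      # trading-db -> card-data by a privileged user: violation
    "2017-03-01T09:10:00 carol 10.1.4.44 dropbox.com 60000000",   # unsanctioned destination and bulk egress
    "2017-03-01T09:12:00 bob 10.1.4.31 api.vendor.example 1000",  # sanctioned external traffic, small
]

if __name__ == "__main__":
    for finding in check_flows(SAMPLE_LOG):
        print(finding)
```

On the sample window the checker reports four findings: two segmentation violations (the privileged one rated high), one shadow-IT egress to Dropbox, and one bulk-egress finding for the same user once her outbound total exceeds the threshold. The point of the design is that every flow is evaluated, not only those crossing the perimeter, so an internal zone crossing by an already-authenticated user is as visible as an outbound transfer.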
In addition to adopting tools and strategies to promote in-depth internal network security, financial services firms should also ensure that employees are properly trained in cybersecurity best practices and company security protocols. Research shows that 40 percent of employees who use cloud-based apps have never been told how to securely move and store private company data, while another 39 percent have not had the risk of downloading cloud apps without IT’s knowledge explained to them. Ensuring that employees are aware of the risks of phishing attacks or moving and storing data off network can help cut down on those inadvertent breaches caused by insiders that can have devastating financial or public relations ramifications.
Corporate and IT leaders are beginning to understand that security must extend beyond the perimeter in order to limit the risks to sensitive data. In 2016, 200 million financial services records were breached, at a cost of $221 per capita. By establishing clear visibility into the cloud, monitoring all data movement, especially between secured network zones, and keeping employees abreast of the latest security protocols and practices, financial services firms can curb this cost while keeping the personal data of their clients secure.
Let’s get a conversation going on Twitter! How does your organization monitor internal network activity?