All organisations are vulnerable to insider threats. The latest data shows that the number of insider incidents has increased by 47% over the past two years, now affecting more than 34% of businesses. Doros Hadjizenonos, Regional Sales Manager at Fortinet, weighs in on the risks the financial industry is facing and what you can do.
Malicious insider attacks and accidental breaches are now considered more likely than external attacks. Financial services companies are particularly vulnerable: they are a natural target because the data collected within the industry tends to have a high resale value on the black market.
The first thing an organisation must do is understand the three main types of insider threats:
Accidental insider threats appear as a result of careless and sometimes reckless behaviour. This insider could be an employee who uses their birthday as a password, writes down their credentials on a sticky note, or unintentionally clicks on a phishing email.
It could be someone higher up who installs unauthorized software or uses Shadow IT. It can even be a complacent IT staff member who misapplies a security patch, opens a back door to log into the network from home, misconfigures a network component, or forgets to change the default password on a company device.
By contrast, the malicious insider is not reckless, careless, or unwitting. They may be disgruntled employees, people who are paid to infiltrate the organisation, or those who use their position to do so. Some may do it for the thrill of it, or be in a difficult financial situation and tempted by a competitor's promises. Banks and other financial institutions are likely targets because that’s where the money is.
When working from home, employees may be using personal devices that were not procured, configured, and secured by IT. As the number of people working from home has increased, so have the risks. Remote workers are more likely to fall victim to social engineering attacks because there is less oversight and fewer restrictions in a work-from-home environment, which, unfortunately, can lead to relaxed attitudes around security.
Addressing remote worker threats in financial services is challenging. Here is a short list of actions that can help IT and security teams manage the risk:
- Educate the remote workforce: Security policies specific to remote working should be conveyed to anyone who is working from home or other remote locations. This includes a focus on the awareness of social engineering attack methods such as phishing, smishing, and vishing.
- Secure remote access connections: SSL and IPsec VPN should be used along with strong authentication when connecting remote users to the network and allowing them to access data. This also has to include inspecting encrypted traffic, as VPN tunnels can carry malware and exfiltrated financial data undetected just as easily as they carry legitimate traffic. This will require deploying a firewall designed for the scale and performance that such inspection demands.
- Encrypt data at rest: All sensitive data, including data stored on employee devices, should be encrypted. If this is not feasible, remote workers should be prohibited from storing data on these devices.
- Deploy visibility and access control technology: Network Access Control and Zero-touch Network Access are critical solutions to have in place. IT teams need all the help they can get with visibility of the users, devices, and applications on the network, so they can control who, and which applications, have access.
- Prioritise endpoint security: Endpoints are common attack vectors, which also means they must be regularly assessed for vulnerabilities and advanced threats. They must also have advanced security solutions installed, such as endpoint detection and response (EDR) solutions that offer real-time protection against malware and breaches. These solutions should also be combined with a holistic security framework that can automatically detect, respond to, and manage incidents, thereby protecting data, reducing system downtime, and ensuring business continuity.
- Monitor for unusual activity: Leverage SIEM and SOAR technologies to monitor and alert on abnormal login attempts, large data transfers that cannot be explained, or other unusual behaviors.
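As an added illustration of the monitoring item above (example code, not from the article or from Fortinet), the following Python builds per-user baselines from constructed log lines and raises the three kinds of alert the list names: a burst of failed logins, an off-hours login from an address the user has never used, and a transfer far larger than that user's own history. The users, addresses, byte counts, log format and thresholds are all assumed values.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

# Constructed sample log lines (hypothetical users, addresses, byte counts).
SAMPLE_LOGS = """\
2024-03-04T09:02:11|alice|login|10.0.5.21
2024-03-04T09:15:40|alice|transfer|1200000
2024-03-04T17:10:02|alice|transfer|900000
2024-03-04T08:45:00|bob|login_failed|10.0.5.30
2024-03-04T08:45:20|bob|login_failed|10.0.5.30
2024-03-04T08:45:41|bob|login_failed|10.0.5.30
2024-03-04T08:46:03|bob|login_failed|10.0.5.30
2024-03-04T08:46:25|bob|login_failed|10.0.5.30
2024-03-05T02:13:55|alice|login|203.0.113.7
2024-03-05T02:20:30|alice|transfer|45000000
"""
WORK_HOURS = range(7, 19)                  # 07:00-18:59 is treated as normal
FAIL_LIMIT, FAIL_WINDOW = 5, timedelta(minutes=5)
SIZE_FACTOR, SIZE_FLOOR = 10, 10_000_000   # 10x the user's median and at least 10 MB

def detect(log_text):
    """Return (user, rule, detail) alerts; events are processed in time order."""
    events = sorted(tuple(line.split("|")) for line in log_text.splitlines())
    seen_src = defaultdict(set)    # user -> source addresses already seen
    failures = defaultdict(list)   # user -> recent failed-login times
    sizes = defaultdict(list)      # user -> earlier transfer sizes (the baseline)
    alerts = []
    for stamp, user, kind, detail in events:
        ts = datetime.fromisoformat(stamp)
        if kind == "login":
            # Off-hours login from an address this user has never used before.
            if ts.hour not in WORK_HOURS and detail not in seen_src[user]:
                alerts.append((user, "off_hours_new_source", f"{stamp} from {detail}"))
            seen_src[user].add(detail)
            failures[user].clear()
        elif kind == "login_failed":
            # Burst of failures inside the window; alert once when the limit is hit.
            failures[user] = [t for t in failures[user] if ts - t <= FAIL_WINDOW] + [ts]
            if len(failures[user]) == FAIL_LIMIT:
                alerts.append((user, "failed_login_burst", f"{FAIL_LIMIT} failures in {FAIL_WINDOW}"))
        elif kind == "transfer":
            # Compare against the user's own history rather than a global threshold.
            size, base = int(detail), sizes[user]
            if base and size >= SIZE_FLOOR and size >= SIZE_FACTOR * median(base):
                alerts.append((user, "large_transfer", f"{size} bytes vs median {int(median(base))}"))
            sizes[user].append(size)
    return alerts
```

Running `detect(SAMPLE_LOGS)` yields one alert per rule: bob's failed-login burst, alice's 02:13 login from a new address, and her 45 MB transfer against a 1.05 MB median.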
By understanding the types of insider threats that exist and following the recommendations outlined above, organizations can better protect their networks, customers, and employees from new risks brought about by an expanded remote worker strategy.