Insider threats a bigger challenge

Issue 8 2021 Financial (Industry)

Now more than ever, insider threats pose a serious risk to financial institutions, especially those that have transitioned to alternate work environments to ensure business continuity, warns Fortinet.

Doros Hadjizenonos.

Fortinet’s 2020 Securing Remote Work Survey revealed that the shift to remote work was putting pressure on security teams and increasing the risk of breaches. In South Africa, studies have found that remote and hybrid models are here to stay, meaning organisations must make insider risk a priority, says Doros Hadjizenonos, regional sales manager at Fortinet.

With a 47% increase in just two years, insider threats are a significant and growing problem worldwide, exacerbated by the move to remote and hybrid work models. No organisation is immune to the risk and two-thirds of organisations now consider insider threats to be a bigger problem than external attacks, says Hadjizenonos.

Financial services companies are especially vulnerable because they are a natural target: the types of data they collect, financial and personal, tend to have a high resale value on the black market.

Hadjizenonos continues: “Considering this, it is not surprising that the financial services industry experiences more attacks resulting from internal threats than other sectors and remote work is increasing this risk.”

Any employee has the potential to be an insider threat: “You only need access to sensitive information, or just access to the building where those resources are located, whether the individual works for the company or not. This means that even former employees, consultants, board members or cleaning staff could gain access to sensitive information.”

Not all insider threats are malicious, he notes. Accidental insider threats can be caused by staff who are careless with their passwords or who click on phishing mails, staff who install unauthorised software or use shadow IT. They can also be the result of a complacent IT staff member who misapplies a security patch, opens a back door to log into the network from home, misconfigures a network component, or forgets to change the default password on a company device.

Malicious insiders, on the other hand, are not reckless or unwitting. They know exactly what they are doing and have a motive to steal data. Examples include the disgruntled employee, or those who are paid to infiltrate an organisation or who use their position to do so. Some may be in a difficult financial situation, or may have been tempted by a competitor's promises. Financial institutions are likely targets because that’s where the money is.

In the remote work environment, the insider risk increases because employees might connect to the corporate network through a potentially non-secure home or public network and they may also be using personal devices that were not procured, configured and secured by IT, further compounding the problem. There is also the danger that other users in the home might have access to the device.

“Because there is less oversight and fewer restrictions at home, remote users are also more likely to fall victim to social engineering attacks because they cannot simply slide their chair over to a co-worker to ask whether something is legitimate or not,” he says. “At the headquarters, IT also faces challenges when it comes to work-from-home. External connections create more traffic logs and more event data that need to be reviewed. With IT security teams already under strain, attacks can simply get lost in the shuffle.”

Managing the insider threat risk

Taking a Zero Trust approach helps organisations mitigate insider risk. Traditionally, organisations took a perimeter approach to security, in which the focus was on preventing attacks from the outside. They are now recognising that granting excessive implicit trust to those within the organisation gives attackers a great deal of latitude once the perimeter has been breached. Zero Trust operates on the premise that there are constant threats both outside and inside the network.

The Zero Trust security model focuses on evaluating trust on a per-transaction basis with the idea of granting access for only what is needed for users to perform their jobs – in other words access on a need-to-know basis.

The first step in designing a Zero Trust architecture is to decide who is allowed to do what, and which resources each individual needs to do their job. Zero Trust solutions are then deployed to control access to network resources through per-application risk assessment and segmentation.

Zero Trust Network Access (ZTNA) verifies users and devices before every application session to confirm that they conform to the organisation’s policy to access that application. ZTNA supports multi-factor authentication to maintain the highest degree of verification. It is important to secure all devices and ensure that the Zero Trust approach can provide the same protocols, no matter where the worker is physically located and how they’re accessing company resources.

By implementing a Zero Trust approach, organisations can better protect their networks, customers and employees from new risks in a remote work environment.
