Insider threats a bigger challenge

Issue 8 2021 Financial (Industry)

Now more than ever, insider threats pose a serious risk to financial institutions, especially those that have transitioned to alternate work environments to ensure business continuity, warns Fortinet.

Doros Hadjizenonos.

Fortinet’s 2020 Securing Remote Work Survey revealed that the shift to remote work was putting pressure on security teams and increasing the risk of breaches. In South Africa, studies have found that remote and hybrid models are here to stay, meaning organisations must make insider risk a priority, says Doros Hadjizenonos, regional sales manager at Fortinet.

With a 47% increase in just two years, insider threats are a significant and growing problem worldwide, exacerbated by the move to remote and hybrid work models. No organisation is immune to the risk and two-thirds of organisations now consider insider threats to be a bigger problem than external attacks, says Hadjizenonos.

Financial services companies are especially vulnerable because they are a natural target, primarily because the types of data these organisations collect – financial and personal – tend to have a high resale value on the black market.

Hadjizenonos continues: “Considering this, it is not surprising that the financial services industry experiences more attacks resulting from internal threats than other sectors and remote work is increasing this risk.”

Any employee has the potential to be an insider threat: “You only need access to sensitive information, or just access to the building where those resources are located, whether the individual works for the company or not. This means that even former employees, consultants, board members or cleaning staff could gain access to sensitive information.”

Not all insider threats are malicious, he notes. Accidental insider threats can be caused by staff who are careless with their passwords, who click on phishing emails, or who install unauthorised software or use shadow IT. They can also be the result of a complacent IT staff member who misapplies a security patch, opens a back door to log into the network from home, misconfigures a network component, or forgets to change the default password on a company device.

Malicious insiders, on the other hand, are not reckless or unwitting. They know exactly what they are doing and have a motive to steal data. We may think of the disgruntled employee, or of those who are paid to infiltrate an organisation or who even use their position to do so. Some may be in a difficult financial situation, or may have been tempted by a competitor's promises. Financial institutions are likely targets because that’s where the money is.

In the remote work environment, the insider risk increases because employees might connect to the corporate network through a potentially non-secure home or public network. They may also be using personal devices that were not procured, configured and secured by IT, further compounding the problem. There is also the danger that other users in the home might have access to the device.

“Because there is less oversight and fewer restrictions at home, remote users are also more likely to fall victim to social engineering attacks because they cannot simply slide their chair over to a co-worker to ask whether something is legitimate or not,” he says. “At the headquarters, IT also faces challenges when it comes to work-from-home. External connections create more traffic logs and more event data that need to be reviewed. With IT security teams already under strain, attacks can simply get lost in the shuffle.”

Managing the insider threat risk

Taking a Zero Trust approach helps organisations mitigate insider risk. Traditionally, organisations took a perimeter approach to security, in which the focus was on preventing attacks from the outside. They now recognise that granting excessive implicit trust to those within the organisation gives attackers a great deal of latitude once the perimeter has been breached. Zero Trust operates on the premise that there are constant threats both outside and inside the network.

The Zero Trust security model focuses on evaluating trust on a per-transaction basis, with the idea of granting access only to what users need to perform their jobs – in other words, access on a need-to-know basis.

The first step in designing a Zero Trust architecture is to decide who is allowed to do what, and which resources each individual needs to do their job. Zero Trust solutions are then deployed to control access to network resources through per-application risk assessment and segmentation.

Zero Trust Network Access (ZTNA) verifies users and devices before every application session to confirm that they conform to the organisation’s policy to access that application. ZTNA supports multi-factor authentication to maintain the highest degree of verification. It is important to secure all devices and ensure that the Zero Trust approach can provide the same protocols, no matter where the worker is physically located and how they’re accessing company resources.

By implementing a Zero Trust approach, organisations can better protect their networks, customers and employees from new risks in a remote work environment.
