Insider threats a bigger challenge

Issue 8 2021 Financial (Industry)

Now more than ever, insider threats pose a serious risk to financial institutions, especially those that have transitioned to alternate work environments to ensure business continuity, warns Fortinet.

Doros Hadjizenonos.

Fortinet’s 2020 Securing Remote Work Survey revealed that the shift to remote work was putting pressure on security teams and increasing the risk of breaches. In South Africa, studies have found that remote and hybrid models are here to stay, meaning organisations must make insider risk a priority, says Doros Hadjizenonos, regional sales manager at Fortinet.

With a 47% increase in just two years, insider threats are a significant and growing problem worldwide, exacerbated by the move to remote and hybrid work models. No organisation is immune to the risk and two-thirds of organisations now consider insider threats to be a bigger problem than external attacks, says Hadjizenonos.

Financial services companies are especially vulnerable: they are a natural target, primarily because the types of data these organisations collect – financial and personal – tend to have a high resale value on the black market.

Hadjizenonos continues: “Considering this, it is not surprising that the financial services industry experiences more attacks resulting from internal threats than other sectors and remote work is increasing this risk.”

Any employee has the potential to be an insider threat: “You only need access to sensitive information, or just access to the building where those resources are located, whether the individual works for the company or not. This means that even former employees, consultants, board members or cleaning staff could gain access to sensitive information.”

Not all insider threats are malicious, he notes. Accidental insider threats can be caused by staff who are careless with their passwords or who click on phishing mails, staff who install unauthorised software or use shadow IT. They can also be the result of a complacent IT staff member who misapplies a security patch, opens a back door to log into the network from home, misconfigures a network component, or forgets to change the default password on a company device.

Malicious insiders, on the other hand, are not reckless or unwitting. They know exactly what they are doing and they have a motive to steal data. They may be disgruntled employees, people who are paid to infiltrate the organisation, or people who use their position to do so. Some may be in a difficult financial situation, or may have been tempted by a competitor's promises. Financial institutions are likely targets because that’s where the money is.

In the remote work environment, the insider risk increases because employees might connect to the corporate network through a potentially non-secure home or public network. They may also be using personal devices that were not procured, configured and secured by IT, further compounding the problem. There is also the danger that other users in the home might have access to the device.

“Because there is less oversight and fewer restrictions at home, remote users are also more likely to fall victim to social engineering attacks because they cannot simply slide their chair over to a co-worker to ask whether something is legitimate or not,” he says. “At the headquarters, IT also faces challenges when it comes to work-from-home. External connections create more traffic logs and more event data that need to be reviewed. With IT security teams already under strain, attacks can simply get lost in the shuffle.”

Managing the insider threat risk

Taking a Zero Trust approach helps organisations mitigate insider risk. Traditionally, organisations took a perimeter approach to security, in which the focus was on preventing attacks from the outside. They are now recognising that granting excessive implicit trust to those within the organisation gives attackers a great deal of latitude once the perimeter has been breached. Zero Trust operates on the premise that there are constant threats both outside and inside the network.

The Zero Trust security model focuses on evaluating trust on a per-transaction basis with the idea of granting access for only what is needed for users to perform their jobs – in other words access on a need-to-know basis.

The first step in designing a Zero Trust architecture is to decide who is allowed to do what, and which resources each individual needs to do their job. Zero Trust solutions are then deployed to control access to network resources through per-application risk assessment and segmentation.

Zero Trust Network Access (ZTNA) verifies users and devices before every application session to confirm that they conform to the organisation’s policy for accessing that application. ZTNA supports multi-factor authentication to maintain the highest degree of verification. It is important to secure all devices and ensure that the Zero Trust approach can provide the same protocols, no matter where the worker is physically located or how they are accessing company resources.

By implementing a Zero Trust approach, organisations can better protect their networks, customers and employees from new risks in a remote work environment.
