Europe’s banks and cybersecurity experts are warning of a growing challenge due to insider threat fraud, warning of the high costs associated for organizations that fall victim to this form of cyberattack.
As the COVID-19 pandemic sent staff home across the globe, it has created the perfect environment for cybercriminals.
But while banks and financial firms rushed to gear themselves up against growing external threats, they may have overlooked home grown cyber risk within their organization.
Challenges around insider threat fraud are “significant” in the current environment, said Mike Brookes, head of cyber intelligence at Barclays, speaking at the Sibos annual financial services conference.
An insider threat is when an internal actor, such as an employee or contractor, poses a security risk to an organization by misusing their authorized access to critical systems or information.
Not only does remote working provide more opportunities for an insider to operate, it also makes it more difficult for internal security teams to investigate insider threats and deal with an employee under suspicion.
One challenge is that banks often have not deployed technology that enables them to track behavioural anomalies on employee laptops, making it harder to spot insider risks in a remote environment, said Tom Kellermann, head of security strategy at software company VMware.
Insider threat fraud – cause and effect
The nature of COVID-19, being both a health and economic crisis, as well as one that leaves people more isolated than ever, could be making things worse.
“One of the things that we really need to be cognizant of as we progress further on into the year is the stress of the world that we’re living in and the impact that’s having on everyone,” Brookes said.
The pandemic’s long-term impact on people’s mental wellbeing and morale could tip some employees over to become an insider threat, he added.
“Employers are concerned that their employees are under an undue amount of stress,” said Wendi Whitmore, vice president of IBM X-Force. “That’s an effect of the larger pandemic, and just the work environment that we are all in.” IBM X-Force is a business within IBM that provides security research and threat intelligence.
Whitmore said clients have been increasingly concerned about insider threats and how to detect high-risk workers since the pandemic started. Her team is responsible for investigating data breaches of enterprises globally and works with cases weekly where insiders are suspected to be involved, she said.
While malicious insiders intend to cause harm to the organization, insider threats can also be accidental, coming from misconfigurations or other types of human error.
Aiding and abetting
A malicious insider could provide a cybercriminal with knowledge of how systems and processes work, and where to find the most critical data. The aid of an insider typically enables an attacker to go unnoticed for a longer time after initiating an attack, making it more effective.
For that reason, breaches caused by malicious insiders are often more costly for an organization than other types of breaches. The average cost of such cyber incidents, across sectors, is $4.37 million, according to IBM’s Cost of a Data Breach Report 2020. In comparison, the average cost of data breaches caused by system glitches is $3.38 million and human error $3.33 million.
The figures may well be higher for the financial industry, which is among the three industries that incur the highest costs when victim of a data breach, according to the report.
Addressing the threat
Organizations have a range of tools and techniques at hand to address insider threat fraud. They need to put in place effective authentication and access logging for their most critical systems, while also limiting escalated privileges to them.
Endpoint detection and response tools are another way in which security teams can detect malicious activity on endpoint and understand the chain of attack.
But processes and technology aside, banks and financial firms might have to start looking at insider threat first and foremost as a human resource challenge.
Particularly for those people in cybersecurity roles, the job comes with “constant pressure,” and the global pandemic is only adding to this, according to Jonathan Pagett, acting chief information security officer at the Bank of England.
“In cybersecurity, there isn’t ever the end of the day, because we’re constantly being attacked,” he said.
The post European banks raise internal concerns over COVID-19 related insider threat fraud appeared first on Payments Cards & Mobile.