In the 2008 crime comedy movie Mad Money, three women with menial jobs at the Federal Reserve Bank of Kansas City plot to steal money from the branch. Each works in a different department, but by leveraging their work responsibilities and unique access to areas of the building, they’re able to pull off their theft day after day.
When a Federal Bank Examiner suspects that cash has gone missing, he confronts the bank’s head of security, Glover, who refuses to believe theft is possible because he watches “everyone, everywhere, every minute.” It’s Glover’s false sense of security and arrogance that has created blind spots that the ladies easily exploit.
While the movie is far-fetched, it highlights how even low-level employees can become insider threats when access is widespread and leaders believe their security measures are impossible to circumvent.
In reality, it takes just one individual who has had a rough morning or holds a long-standing grudge against their boss to become an insider threat. In finance, where the stakes are high and sensitive information is accessible to a wide range of employees, the danger of insider threats looms large.
Understanding the Scope of Insider Threats
An insider threat, in essence, is a security risk that originates from within an organization. It involves employees, contractors, or business associates who have access to the organization’s data and misuse that access, intentionally or unintentionally, to compromise its security. Too often, the very people entrusted with safeguarding sensitive data become the threat.
Wells Fargo’s cross-selling insider threat incident perfectly illustrates the gravity of insider threats in the financial industry. From 2011-2016, thousands of Wells Fargo employees opened millions of unauthorized accounts in customers’ names to meet aggressive sales goals, which rewarded them for opening new accounts.
Since employees had legitimate access to the bank’s systems and customer data, they could open accounts without customer authorization using fake signatures but real Social Security numbers and other personal information. When the fraud was discovered, the bank was fined $185 million by regulators and paid an additional $2.7 billion to settle numerous civil and criminal lawsuits.
The Human Element: Mental Health, Stress, and Detection Challenges
According to the Ponemon Institute’s 2022 Cost of Insider Threats Global Report, 56% of insider threats stem from employee or contractor negligence, 18% from credential theft, and 26% from criminal and malicious insiders. Out of all three categories, the average number of credential thefts has grown the most rapidly, from one in 2016 to 5.7 in 2022. However, criminal or malicious insider threats, which have grown from 3 in 2016 to 6.4 in 2022, are perhaps the most dangerous and difficult to prevent.
Looking deeper into malicious insider attacks, 64% were motivated by financial gain, while espionage and "fun" tied for second place at 17% each. The Center for Development of Security Excellence investigated the "why" behind the rise of malicious insider threats, concluding that the causes could be predispositions such as mental health conditions or personal, financial, or professional stress.
In the post-COVID-19 world, those issues have become increasingly prevalent, affecting employees across industries; the financial sector is no exception. Consider an employee grappling with personal problems, financial stress, or simply feeling overworked – their vulnerability to becoming an insider threat increases.
Unlike external cyber threats, identifying insiders with malicious intent is a formidable challenge, as many may hide their emotional turmoil. However, the center did note that when reviewing studies, many offenders had displayed troublesome behavior before acting against their companies. Often, however, no one reports the concerning behavior or connects the dots between past actions and future threats.
Disgruntled employees are especially vulnerable to social engineering attacks - 29% of attacks began with insiders falling for phishing email scams - because they feel angry, betrayed, or resentful. Hackers can exploit these emotions by pretending to be a friend, colleague, IT employee, or former boss and using the employee’s personal information to create a sense of urgency or trust.
The Cost of Insider Threats in the Financial Industry
The cost and damage caused by insider threats are staggering, and the financial sector faces more threats than most others. Whereas the average annual cost to contain an insider threat across industries is $17.19 million, the financial industry has the highest cost, averaging $21.25 million. This figure includes costs associated with:
- Data breach remediation: Identifying and recovering the compromised data, as well as notifying affected individuals
- Fraud: Covering the losses incurred by the financial institution and the costs of investigating and prosecuting the fraud
- Regulatory fines and penalties: Regulators may fine institutions that fail to protect their customers' data
- Loss of productivity: Employees may need to be diverted from their regular duties to investigate and respond to the incident
- Loss of reputation: Reputational damage can make it more difficult to retain and attract customers and investors
Reputation damage, once inflicted, can be long-lasting and the most difficult to recover from. Customers entrust banks and financial service providers with their hard-earned money and sensitive financial information. When those are put at risk, customers are far from forgiving. They may flock to competitors, leading to significant revenue loss and a ripple effect that can be felt for years.
How to Mitigate Insider Threats
Financial institutions must take a multifaceted approach to mitigating and avoiding insider threats. Around-the-clock monitoring, such as that offered by an outsourced SOC, helps by identifying suspicious activity early, for example attempts to access unauthorized data or systems. A SOC can help protect against data breaches by detecting and responding to unauthorized access to sensitive data, and it can help enforce security policies by detecting and responding to violations of those policies.
SOCs also provide what traditional network and security monitoring can’t; instead of seeing a security alert as a single point in time, a SOC delivers a full narrative by correlating seemingly unrelated events to identify patterns and reveal potential security incidents.
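As an added illustration of that correlation idea (example code written for this page, not code from the article or from any SOC product), the Python below runs a small correlator over constructed audit-log lines in an assumed `timestamp user event resource` format. Taken one at a time, two denied reads of a customer database and one report export are low-value alerts; grouped per user within a 30-minute window they become the narrative an analyst would act on.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit-log lines for the example (timestamp, user, event, resource);
# the format, user names and resource names are assumptions, not real data.
SAMPLE_LOG = """\
2024-03-04T08:59:10 jdoe LOGIN_OK vpn
2024-03-04T09:02:41 jdoe ACCESS_DENIED customer_pii_db
2024-03-04T09:03:05 jdoe ACCESS_DENIED customer_pii_db
2024-03-04T09:20:17 jdoe LOGIN_OK vpn
2024-03-04T09:21:30 asmith LOGIN_OK vpn
2024-03-04T09:24:55 jdoe EXPORT wire_transfer_reports
2024-03-04T14:10:02 asmith ACCESS_DENIED hr_salary_db
"""

WINDOW = timedelta(minutes=30)  # how far back a correlated event may reach


def parse(log):
    """Turn raw log text into (timestamp, user, event, resource) tuples."""
    events = []
    for line in log.strip().splitlines():
        ts, user, event, resource = line.split()
        events.append((datetime.fromisoformat(ts), user, event, resource))
    return events


def correlate(events, window=WINDOW):
    """Group events per user and flag the insider pattern the article describes:
    repeated denied access to a resource followed, within the window, by a bulk
    export. Returns a {user: narrative} dict; one entry per matched user."""
    by_user = defaultdict(list)
    for ev in sorted(events):          # chronological order per user
        by_user[ev[1]].append(ev)
    incidents = {}
    for user, evs in by_user.items():
        for i, (ts, _, event, resource) in enumerate(evs):
            if event != "EXPORT":
                continue
            denied = [e for e in evs[:i]
                      if e[2] == "ACCESS_DENIED" and ts - e[0] <= window]
            if len(denied) >= 2:       # a single denial is noise; a run is a signal
                targets = sorted({e[3] for e in denied})
                incidents[user] = (f"{user}: {len(denied)} denied attempts on "
                                   f"{targets} then exported {resource} "
                                   f"at {ts.isoformat()}")
    return incidents
```

Widening or narrowing the window changes what gets correlated, so in practice the window and the event types that count as "denied" and "export" are tuned to the institution's own logging.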
Implementing a zero-trust policy is another non-negotiable. Financial institutions should require every user and device to be authenticated and authorized each time it requests access to a resource, not just once at login.
Other best practices include:
- Conducting employee background checks.
- Implementing strong access controls.
- Monitoring employee activity for suspicious behavior.
- Raising security awareness with employees.
Those in the financial sector have no choice but to remain vigilant; the valuable and sensitive data the sector safeguards demands nothing less. By understanding the insidious nature of insider threats and implementing robust security measures, financial institutions can continue to thrive in an era where trust and security are paramount.