When we talk about cybercrime in the Banking & Financial Sector, we tend to focus on external threats, but organisation insiders are often more likely to be the source of a cyberattack.
In fact you could say insider threats pose a greater risk than external threats as your employees already know where the company’s ‘crown jewels’ are. These crown jewels could include the assets that drive cash flows, competitive advantage and shareholder value.
Insiders tend to know exactly what resides on the networks and how to gain access to it for the purpose of theft, disclosure, destruction or indeed manipulation. For example, the leaking and disclosure of critical information could lead to the manipulation of share values. This is a far more effective means of profiting through cybercrime than traditional fraud techniques.
Some of the risks posed from Insider Threats in the Financial Sector:
- Undesired disclosure of confidential customer and account data – jeopardizing an organization’s most valuable relationship
- Loss of intellectual property
- Disruption to critical infrastructure
- Monetary loss
- Destabilize, disrupt and destroy cyber assets of financial institutions
- Embarrassment, Public Relations
Identifying the Insider Threat
Insiders can be current employees, former employees or trusted advisors and partners (the extended enterprise).
That unhappy employee or rogue insider will go to any length to gain access to the organization’s critical information, share the sensitive data they get their hands on and even put it to some other unscrupulous use such as insider trading.
Whilst malicious employees are the exception rather than the rule, they are not the only insider threat.
Ignorant users are also perilous. Recent Forrester research has shown that the greatest volume of security breaches (36%) comes from employees inadvertently misusing data. They unwittingly share sensitive data or information that could fall into the wrong hands almost daily. Many employees also casually share passwords, giving out their ID as an apparent necessity or just to make their lives easier, without any idea of why it might cause a security breach.
Nearly 90% of IT professionals believe the ‘insider threat’ is not a technology issue
From our own research report, the vast majority (86%) of IT professionals consider insider threats to be a purely cultural issue, and are not aware that technology can help them address internal security issues.
Active Directory does provide basic user security – checking the credentials supplied match stored user profiles and then opening up access to resources – but it’s vital to build on this with real-time monitoring and further restrictions to what authenticated users can do.
Many infosecurity tools concentrate on authentication but these types of external facing tools are less effective against authorised users from inside the organization.
How UserLock mitigates the Security Risk from Internal Users in the Financial Sector
UserLock is a unique enterprise solution that addresses these specific but important gaps in managing the security of a network, far beyond what native Windows functionality provides.
It empowers banking and financial institutions with the tools to secure network access for all authenticated users and help protect a Bank’s critical data and information assets from internal threats.
It adds further access controls and restrictions on what authenticated users can do that cannot be achieved with native functionality. In addition, real-time monitoring offers the opportunity to investigate and respond to potential insider threats quickly and accurately.
1. Control, Manage & Secure Network Access for all employees
UserLock sets and enforces effective login controls and restrictions (that can’t be achieved in native Windows controls) on what authenticated users can do.
This customized user access policy permits, denies or limits user logins based on a range of criteria such as concurrent logins, workstation access and usage/connection time. This helps ensure inappropriate access to the network (and the data contained within) is no longer a possibility, reducing the risk of security breaches from internal threats.
2. Eliminate the opportunity for fraud from employees sharing logins
Banks need to eliminate the opportunity for fraud resulting from users sharing logins. It’s vital to ensure that employees are limited to using only their own personal login information.
Many employees casually share passwords as an apparent necessity or just to make their lives easier, without any idea that it might cause a security breach. Shared passwords allow rogue users to easily move within an organization’s network once credentials are compromised. When a user’s password is compromised, it is often the gateway for rogue users to gain access to other systems and applications, since users commonly reuse passwords across multiple company systems.
Despite increased education and user security awareness, employees continue to share credentials, as there is no consequence on their own network access. Native security controls in Windows Networks are not enough as they don’t limit or prevent concurrent logins.
Limiting or preventing concurrent logins with UserLock significantly decreases the likelihood of users sharing passwords, as it impacts their own ability to access the network. It provides the motivation to adhere to password security policy and helps protect the organization’s critical assets.
3. Recognize improper user access and respond to risky behavior or access attempts from someone other than the legitimate user
Real-Time monitoring provides the visibility into what users are doing and the ability to take appropriate security measures to alleviate IT security threats.
This immediate and remote response to suspicious, disruptive or unusual logon connections should be an integral part of any organization’s security policy and risk mitigation strategy.
4. Ensure Compliance with mandates governing access control and data handling
With UserLock, financial organizations have the ability to control, identify, search, report and archive user access to help the bank secure sensitive and regulated information, prevent data leaks and comply with regulations on access control and data handling.
By centralizing and archiving all access events, UserLock can also quickly offer the detailed and accurate insights needed to support IT forensics, auditing and regulatory compliance.
5. Stop attacks from legitimate stolen credentials (password theft)
UserLock ensures unauthorized access is no longer a possibility – even when credentials are compromised. It stops malicious users from seamlessly using valid credentials.
Such an attacker is likely to log in with stolen credentials from an abnormal location at an unusual time. Restricting users’ individual access to the network by physical location (workstation or device, IP range, department, floor, building…) and setting usage/connection time limits helps organizations avoid these credential-based attacks.
In addition, preventing concurrent logins significantly reduces network vulnerability. Users are limited to only one possible Windows connection at any one instant, making it impossible for any rogue user to use valid credentials at the same time as their legitimate owner, wherever they are based.
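The three checks described in this section (permitted workstation, permitted hours, one session at a time) can be replayed over a session log to see which logons a policy of this kind would flag. This is an added example, not UserLock code or configuration; the log format, user names, workstation names and policy fields are constructed for illustration.

```python
from datetime import datetime

# Hypothetical per-user policy (all names and values are constructed).
POLICY = {
    "teller01": {"workstations": {"BR1-WS07"}, "hours": (8, 18), "max_sessions": 1},
    "analyst02": {"workstations": {"HQ-WS21", "HQ-WS22"}, "hours": (7, 20), "max_sessions": 1},
}

# Constructed session log: ISO timestamp, user, workstation, action.
SAMPLE_LOG = """\
2024-03-04T08:58:10 teller01 BR1-WS07 logon
2024-03-04T09:15:42 teller01 BR1-WS09 logon
2024-03-04T12:30:00 teller01 BR1-WS07 logoff
2024-03-04T09:02:00 analyst02 HQ-WS21 logon
2024-03-04T17:45:00 analyst02 HQ-WS21 logoff
2024-03-04T23:41:05 analyst02 HQ-WS22 logon
"""

def evaluate(log_text, policy):
    """Replay events in time order; return (time, user, workstation, reason) findings."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, ws, action = line.split()
        events.append((datetime.fromisoformat(ts), user, ws, action))
    events.sort(key=lambda e: e[0])  # logs from several hosts arrive unordered

    open_sessions = {}  # user -> workstations with a session currently open
    findings = []
    for ts, user, ws, action in events:
        active = open_sessions.setdefault(user, set())
        if action == "logoff":
            active.discard(ws)
            continue
        rule = policy.get(user)
        if rule is None:
            findings.append((ts, user, ws, "no policy for user"))
            continue
        start, end = rule["hours"]
        if ws not in rule["workstations"]:
            findings.append((ts, user, ws, "workstation not allowed"))
        if not start <= ts.hour < end:
            findings.append((ts, user, ws, "outside permitted hours"))
        if len(active - {ws}) >= rule["max_sessions"]:
            findings.append((ts, user, ws, "concurrent session"))
        active.add(ws)  # detection only: the session is still tracked
    return findings
```

A single logon can produce more than one finding: the second `teller01` logon is flagged both for the workstation and for overlapping the session still open on `BR1-WS07`.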
6. Raise User Security Awareness
Employees need to understand what security policies and procedures are, why they exist and what security measures are used on the network. Informed employees are an important line of defense.
UserLock supports IT’s effort to communicate consistent and clear security policies and controls through its notification system. UserLock allows an organization to notify all users prior to gaining access to a system with customized messages to increase user security awareness and educate about insider threats. This can include warning users about any access denials on their account.
What’s more, messages about legal and contractual implications can discourage employees from committing cybercrime or lashing out at the organization for a perceived injustice.
Case Studies for Mitigating Insider Threats in Banking & Financial Institutions
“With 60,000 users conducting financial transactions on a regular basis, we needed to eliminate risks and possible fraud resulting from improper user access. UserLock in fact does that and much more. It even helped us to identify and block employees who used robots to automate their tasks on several different workstations, putting both our bank’s and our customer’s data security at risk.”
“The most important capability is the ability to prevent concurrent logins and credential sharing between the users, especially at the Bank’s branches where users are responsible for financial transactions”
“Due to the nature of our organization as a bank it was a real headache to prevent users from sharing credentials or logging in to more than one workstation at a time. We used to manually check and monitor whether the login user was already logged in to another machine. With no GUI available all user access needed to be reviewed and monitored manually, making it incredibly time consuming to respond to any security incidents.”