Trust is the foundation of any business. Once it’s lost, so is the business.
Perhaps no industry is more keenly aware of this fact than the financial services industry. In financial services, data is highly valuable — and, therefore, highly sought after by cybercriminals.
The desire to maintain trust, undergirded by a bevy of regulatory requirements, has led financial firms to adopt advanced security technologies like encryption, tokenization, strong authentication and audit logs.
Despite the best-laid plans, however, breaches will still occur. This is partly because while most organizations are busy protecting their networks from outside intruders, most threats come from within.
According to a report from the research firm Ponemon Institute, insider threats cost organizations an average of $4.3 million a year. In fact, the 2017 IBM X-Force Threat Intelligence Index found that 60 percent of all cybersecurity attacks are caused by employees inside an organization. Of these, 44.5 percent involve malicious insiders and 15.5 percent are precipitated by inadvertent actors.
INSIDER SECURITY BEST PRACTICES
Financial services firms can prepare by creating an incident response plan, monitoring privileged user accounts, implementing user behavioral analytics and conducting forensic investigations.
Create an incident response plan
Since the time it takes to contain a breach correlates directly to how much damage occurs, rapid containment is critical. Crafting a quality incident response plan will help contain security incidents that would otherwise become full-blown breaches and require the involvement of regulatory authorities.
Evaluate and change the plan frequently, since the organization will naturally change and evolve.
Monitor privileged user accounts
Eighty percent of security breaches involve privileged user credentials, according to Forrester Research’s report “The Forrester Wave: Privileged Identity Management, Q3 2016.” This is the case because privileged users aren’t usually audited by their employer to a depth that would raise suspicion. As a result, intruders accessing these accounts are free to pilfer an organization’s information and resources.
Cybercriminals want unlimited access, and they know humans are the weakest link in the cybersecurity chain. They’re using social engineering — including phishing, baiting, man-in-the-middle and tailgating — to obtain privileged user credentials.
Once inside the network, these criminals go undetected and enjoy advanced privileged user status, giving them plenty of time to extract data across the network.
To protect an organization’s data, one should first know who has access to the information. Business networks now include third-party contractors and business partners who may have unnecessary access to company data. Mission-critical applications should be monitored to oversee who is accessing what information.
The ability of insiders to access sensitive information, such as trade secrets, consumer information and payment card data, makes them a particular threat to the organization. When monitored, users who have inappropriately accessed data can be trained to access only job-critical data or, if necessary, sanctioned for such activity after they have been trained to avoid it.
Information technology security teams must be able to discover and mitigate unknown users, new users or users with a low clearance who may pose a threat to the organization’s data. Once identified, users can be governed through policy, activity monitoring and training.
In addition, organizations should apply the “principle of least privilege” to their employees’ access. This means users are given the least access necessary to properly perform their role.
Implement user behavioral analytics
To identify and prevent damage or loss from compromised privileged user credentials, organizations can use behavioral analytics monitoring technology to spot anomalies in user behavior.
What’s powerful about behavioral analytics technology is that it tracks users’ past behavior to predict future behavior, giving organizations more accurate insight into user activity.
In addition to monitoring exports of data and employee activity, these technologies look for deviations in user behavior such as differing times of login, disparities in geo-location and access of internal systems.
For instance, imagine that your chief marketing officer starts accessing your trade secrets or the infrastructure layout of your network, which he has never done before. Behavioral analytics would proactively alert you to such unusual behavior, allowing you to block access immediately upon detection and contain an incident before it can become a full-blown breach.
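The deviations named above (login time, geo-location, first-time access to an internal system) can be sketched as a per-user baseline check. This is an added example, not code from the article or from any product: the event layout, user names and sample history are constructed, and a simple "seen before" profile stands in for the statistical models real behavioral analytics tools use.

```python
from collections import defaultdict

# Constructed sample history: (user, login_hour_utc, country, resource)
HISTORY = [
    ("cmo", 9, "US", "crm"), ("cmo", 10, "US", "marketing-drive"),
    ("cmo", 14, "US", "crm"), ("cmo", 16, "US", "marketing-drive"),
    ("dba", 8, "US", "payments-db"), ("dba", 22, "US", "payments-db"),
]

def build_baselines(history):
    """Per-user profile of the hours, countries and resources seen so far."""
    base = defaultdict(lambda: {"hours": set(), "countries": set(), "resources": set()})
    for user, hour, country, resource in history:
        profile = base[user]
        profile["hours"].add(hour)
        profile["countries"].add(country)
        profile["resources"].add(resource)
    return dict(base)

def hour_gap(hour, known_hours):
    """Smallest circular distance (in hours) to any previously seen login hour."""
    return min(min(abs(hour - h), 24 - abs(hour - h)) for h in known_hours)

def deviations(event, baselines, hour_tolerance=2):
    """Return the list of ways an event departs from the user's baseline."""
    user, hour, country, resource = event
    profile = baselines.get(user)
    if profile is None:
        # No history at all: an unknown or brand-new account.
        return ["unknown-user"]
    found = []
    if hour_gap(hour, profile["hours"]) > hour_tolerance:
        found.append("unusual-login-time")
    if country not in profile["countries"]:
        found.append("new-geo-location")
    if resource not in profile["resources"]:
        found.append("first-time-resource")
    return found

if __name__ == "__main__":
    baselines = build_baselines(HISTORY)
    # Constructed event: the CMO opening trade secrets at 03:00 from a new country.
    print(deviations(("cmo", 3, "RO", "trade-secrets"), baselines))
```

An event that trips several checks at once, like the constructed CMO event, is a stronger signal than any single deviation and is the kind an analyst would triage first.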
Conduct a forensic investigation
Many scenarios require a forensic investigation into application access activity. For many enterprises, a review of a departing employee’s access is a mandatory step in the off-boarding process. Running a simple forensics report supports this step.
Many other unexpected scenarios may unfold and require a forensic investigation. For example, a business may need to investigate how a price book, which includes all of a company’s products and their standard prices, was deleted, leading to errors in hundreds or even thousands of sales opportunities.
SECURITY IS SURVIVAL
In the current online environment of numerous, increasingly sophisticated attacks, financial services organizations thrive or flounder based on their data’s security.
Some firms focus so intensely on keeping the bad guys out that they overlook the need to scan for security risks from within. Others are completely unaware that the majority of breaches involve insiders.
By following the best practices listed above, financial firms can strengthen their overall security posture and be ready to act quickly when a breach occurs. This kind of preparation engenders trust from customers, which is an essential ingredient to modern-day survival and success in business.