They want to hurt you, and they know how
October 19, 2020
What’s scarier than a criminal who has the keys to the house and knows where everything is?
Insider risk is perhaps one of the most concerning cyber risks that banks face every day. An insider is an employee, contractor, subcontractor, or any other individual with authorized access to sensitive information, equipment, networks or systems. In other words, they have the keys, they know where the valuables are, they know how to get in without setting off the burglar alarm and they have malicious intent.
While financial institutions have always had to deal with insider risk, COVID-19 and the swift shift to remote work have dramatically increased the risks.
Financial institutions raced to enable their people to work remotely, significantly expanding attack surfaces. This is also true for third parties that support banks’ operations. Logging and monitoring functions struggle to provide comprehensive visibility across remote workforces and, in many cases, network connections from remote employees are not secure. In sum, the tools and business processes we relied on pre-pandemic are no longer sufficient to manage the risks.
In addition to the expanded attack surface, many organizations have granted employees elevated access privileges so that they could get systems spun up quickly to meet changing demands during the pandemic. These same people often work extended hours, are exhausted, and may be under emotional or financial strain from the pandemic. Cyber criminals know that the combination of an exhausted employee with increased access makes a perfect target for social engineering and insider recruiting efforts. Further, an insider may seek to take advantage of his/her access to steal money to alleviate the stresses of the pandemic.
This is why many security teams across financial institutions are asking new questions about how they can address insider risk. One answer is cooperation: Security teams should collaborate deeply with other corporate functions and the business. Accenture helps clients start this process by asking the hard questions.
Corporate Engagement: How is my insider threat program incorporated into my broader security, cybersecurity, and risk management portfolio? Do I have the right people at the table?
Human Resources: What can be done to provide extra monitoring and data analytics while still fitting the corporate culture? How can we get relief for our people who are overextended so that we don’t make them more susceptible? What training do we need to raise awareness of the increased risks?
Business & Business IT: What can we do to further identify who needs elevated access and for what length of time, and how do we do just-in-time provisioning/revocation, while providing extra training and monitoring around these moments that matter?
Cybersecurity: What’s the most effective and efficient way to manage the explosion of endpoints, which generate vast volumes of at-risk data — while still making the best use of user behavior analytics?
Legal and Compliance: How can we be sure we’re meeting local laws and regulations around data sovereignty and privacy?
Bottom line, security teams are still shouldering much of the burden in protecting against insider risk – too much. Insider risk is a growing challenge that requires robust collaboration within banks and across all third parties.
Copyright © 2020 Accenture. All rights reserved.