May 12, 2022//Isa Jones
Last Updated: May 23, 2022The Financial industry is becoming a hot target for hackers and ransomware, and it’s no surprise — the industry does deal with money, after all. The sector is 300 times more likely to experience a cyberattack than any other industry, and the industry is absorbing the highest cost with an average of $18.3 million lost per cyberattack.
But it’s not just the Scrooge McDuck-style pools of coins and cash that cause hackers to turn their eyes to financial institutions. It’s the access. The industry has a vast amount of internal users that can quickly turn into insider threats.
An insider threat is simply a cybersecurity threat (the potential theft or compromise of critical data or assets) that comes from an internal user, i.e an employee. While insider threats can happen accidentally or on purpose, they are a threat to be taken seriously.
According to the Ponemon Institute 2020 Cost of Insider Threats: Global Study, there were 4,716 insider attacks recorded across the globe, and the cost of an insider incident almost doubled between 2019 and 2020 from $493,093 to $871,686.
These incidents can arise from an outside source paying the internal user, the termination gap where a terminated user still has access, or simply when human error comes into play.
The financial industry, not unlike the healthcare industry, is rife with insider threats. While there is the obvious threat of those seeking financial gain, the financial industry is also prone to attack from nation-states, rival corporations, and cyber-espionage groups. That’s a lot of darts getting thrown at one target.
On average, a financial services employee has access to nearly 11 million files the day they start work. Now expand that number across an organization or multiple organizations of the entire industry. It’s unfathomable how many assets full of PII and other sensitive information (like bank account information) is being accessed at any given moment. Securing all those assets becomes a major challenge for financial organizations, and that’s not even taking into account SOX 404, GLBA Safeguards Rule, and other regulatory demands.
For hackers, it becomes obvious that the fastest way in is through an internal user. Just look at PostBank, the South African post office bank that was forced to replace millions of bank cards at a cost of $58 million after an internal employee compromised customers bank data by copying a master key. That was just a compromise, not a full-fledged theft, and it still cost over $50 million.
All it takes is one moment of human error, a moment of weakness, a well-placed phishing attack on an internal user with too much access to cause chaos. Not to mention that as financial institutions, like organizations in every industry, become more digitized and decentralized, they open themselves up to new threats and more vulnerable access points.
There are a few building blocks of cybersecurity architecture that a financial organization can place to have a better foundation against mounting threats – both external and internal.