Editorial & Advertiser disclosure

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Business

Posted By Gbaf News

Posted on December 4, 2014

MANAGING THE INSIDER THREAT

Dr. Guy Bunker, CTO, Clearswift

Thirty-nine percent of financial sector businesses said they had been victims of cybercrime, according to PricewaterhouseCoopers’ 2014 Global Economic Crime Survey. This makes this industry the most frequently attacked sector – 39% say they’ve been attacked compared to 17% reported in other industries. Despite the increase in cybercrime, the report also highlights that many banks don’t believe they will fall victim to cybercrime in the near future, showing there is clearly a gap in awareness, especially as the modern finance institution is far more dynamic and interconnected than ever before.

Whilst an array of defences against external threats already exist in the IT security world, most damage comes from within an organisation, with PwC’s Information Security Survey 2015 citing employees as the most likely culprits of a data breach. But it’s not just the malicious insider; it’sgenerally the ability of innocent, perhaps naive employees that compromise the security of data, whose value has never been higher.

What threat does an insider pose?

Financial institutions house a tremendous amount of data – with more critical information than organisations realise – and managing this is a huge challenge, which is compounded by the sheer number of complex IT assets that all interact with each other within the network. While it is relatively straightforward to protect a system from the majority of external dangers via basic security hygiene software, the myriad of interconnected IT systems within a bank inevitably leads to technical gaps in the controls, which can lead to misuse of data internally.

The risk of a data breach has also increased as trends such as BYOD, and online services have become ubiquitous. This can cause issues in terms of collaborative work as employees often bypass recommended protocols, which are more controlled, in favour of quick and easy solutions that they use as a consumer, Dropbox for example. Although many of these applications have security in place – they are not equipped to the same levels as the internal systems and they do not control the type of files that are passed through the channel, meaning users can share information that they perhaps shouldn’t.

When housing millions of customers’ details, any data that falls through these security gapscan be disastrous, not just because of the potential consequences the leaked information will have, but also in terms of business compliance and the law. In the UK, the Financial Conduct Authority (FCA) has tremendous power to levy significant fines, which not only harm the bottom line but the reputation of the company as well. In November this year, it fined RBS £56million for inadequate IT systems. Italso found that many small financial firms need to manage crime risks more effectively. Clearly there is not just room for improvement, but also a real need to address an increasingly serious situation as businesses can still be penalised even if the leak was accidental.

Balancing security with collaboration

Sharing information and working together is the lifeblood of any organisation. However, humans are humans and things will inevitably go awry. An employee may accidentally send an email with customer data attached to an unsolicited address, which could be a serious breach of policy.

One way to overcome this would be to button down the hatches, monitor all network traffic and intercept any networkactivity that could potentially lead to a data breach. However, this isn’t really a solution, it’s not conducive to collaborative working and it’s too prescriptive – not every email will be blocked for the same reason and different triggers may need different actions, some to be reported to managers, some simply to be quarantined. This heavily prescriptive approach can hinder as much as it protects.

As such, a more flexible approach is needed: one that can filter out critical information, whilst letting the rest through. This style of adaptive redaction can block sensitivedata within an email whilst still allowing it to be sent andwill enable businesses to continue to collaborate while ensuring that certain data is not shared with unauthorised parties.This style of technology can be extended to the whole of the working environment, for example – to prevent users from copying critical information to USB sticks.

At Clearswift, we’ve worked with financial institutions across the world and one solution is our adaptive redaction technology, whichcan take emails apart, find the part deemed sensitive, remove it and put everything else back together again.

While it is important for financial organisations to protect themselves from cyber-attacks from the outside world, preventing misuse from within should take equal place in any IT security strategy, as this is where an issue is more likely to arise. Equally, any information security strategy must ensure that it both facilitates collaboration whilst protecting critical information.

Guy Bunker has over 20 years’ experience in the cyber security sector, including being chief security architect at HP and Chief Scientist at Symantec. 

Recommended for you

  • Alaamry Global Capital’s Annual Letter: Saudi Investor Khalid Alaamry on Strategic Thinking for International Markets.

  • Enhancing Guest Loyalty in Hospitality: The Impact of Personalized Services on Customer Satisfaction

  • Building Brand Equity in Luxury Goods: The Role of Heritage and Craftsmanship