Arena Insights - Financial Services Disruptive Technology Handbook 2021

orderForm.title

orderForm.productCode

orderForm.description

orderForm.quantity

orderForm.itemPrice

orderForm.price

orderForm.totalPrice

orderForm.deliveryDetails.name

orderForm.deliveryDetails.accountNumber

orderForm.deliveryDetails.phone

orderForm.deliveryDetails.poNumber

orderForm.deliveryDetails.email

orderForm.deliveryDetails.companyName

orderForm.deliveryDetails.billingAddress

orderForm.deliveryDetails.deliveryAddress

orderForm.deliveryDetails.deliveryDetailsDeliveryAddressSameAsBillingAddress

orderForm.deliveryDetails.address1

orderForm.deliveryDetails.address2

orderForm.deliveryDetails.city

orderForm.deliveryDetails.state

orderForm.deliveryDetails.postCode

orderForm.deliveryDetails.country

orderForm.deliveryDetails.additionalInformation

orderForm.noItems

INSIDER THREAT

Any insider threat programme should establish a framework to understand how well the organisation is addressing the threat, while reducing gaps in security. Targeted organisations will face multiple challenges

people, policies or an ideology. A level of emotional intelligence can be a great asset to avoid changes of behaviour, but this can be overlooked. A lack of attention to how people feel about their work and their work environment can foster malicious insiders. It is also possible to reduce the power of

potential malicious insiders. Microsoft uses the concept of Just Enough Rights to limit what a user (especially with admin rights) can do within the IT systems. This notion should be fully extended to all users, whether they are system administrators or not. It is usually the case that users are given broader access on IT systems than they need. For instance, not all users need to see all data related to all projects within a department, but this level of access is generally granted anyway. This will enable users to have access to a large pool of documents they can exploit. A document check-in system could be a good deterrent if implemented correctly.

 It is generally assumed that users know how to use corporate systems such as email without receiving formal training. Many corporate documents with sensitive content are sent out of the company daily due to negligence or by mistake. While it is easy to blame the negligence or mistakes on people, perhaps we should challenge the choice of tools. Potentially, the number of mistakes observed when sending sensitive corporate documents could be an indicator that email systems are not a suitable means of communication. As society changes, we should constantly review and challenge our well-established practices. The gap between the creation of policies and

their adoption is still large. Many managers or senior managers, including policymakers, would agree that keeping all policies in one place could

be a challenge for any organisation. The assumption that employees know the content of every policy is simply unrealistic. I have seen many organisations create policies without a plan for their adoption. Do employees really know what they are supposed to do or rather not do? The weak link may not be the people themselves, as is commonly argued. Training around the topic of insider threat is

generally non-existent in many organisations. A lack of awareness of insider threat training is simply a gap in security. It is important for users to understand they can be targeted because of the knowledge they have of a given system. More so, many negligent mistakes can be avoided if it is managed successfully.

 Threat actors also actively recruit insiders in order to gain unprecedented access to various industries. How can we distinguish a brilliant potential employee from a rogue one? How can we spot whether an employee has been bribed to sell sensitive information? Many insider-breach investigations are shallow, not providing the opportunity to detect whether there is a wider network connected to any given incident. Is there a correlation between incidents of the same nature by different individuals? It would be interesting to see what a graph theory could suggest from incident breach data. According to a Flashpoint Intelligence report, the financial and telecom sectors were most targeted between May 2020 and 2021. This does not come as a surprise. Access to telecom networks could provide huge access to network flows that can be exploited for malicious purposes. Direct access to financial services would mean direct access to the target.

Key takeaways The insider threat is growing fast and many questions are still unresolved. Organisations should review how they look at such threats. As the digital transformation evolves, the nature of insider threats will rapidly change. Many of the strategies observed within the industry, where they exist, are very reactive. If insider threat is not addressed with a robust strategy in the early stages, it can become a systemic problem, and potentially become part of the culture of the organisation.

 |

Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | Page 6 | Page 7 | Page 8 | Page 9 | Page 10 | Page 11 | Page 12 | Page 13 | Page 14 | Page 15 | Page 16 | Page 17 | Page 18 | Page 19 | Page 20 | Page 21 | Page 22 | Page 23 | Page 24 | Page 25 | Page 26 | Page 27 | Page 28 | Page 29 | Page 30 | Page 31 | Page 32 | Page 33 | Page 34 | Page 35 | Page 36 | Page 37 | Page 38 | Page 39 | Page 40 | Page 41 | Page 42 | Page 43 | Page 44 | Page 45 | Page 46