Cybercriminals are often portrayed as shadowy figures working out of far-flung countries. While there might be a glimmer of reality in that narrative, the inconvenient truth for the banking industry at least is that a whopping 60% of attacks on financial institutions are from insider threats. The biggest danger to banks isn’t necessarily faceless fraudsters, but actually malicious employees, privileged users and third-party partners.
It’s a scary thought, isn’t it? How do you even begin to protect your business from an internal threat who might be sitting next to you? Research by Verizon has found that 77% of internal data breaches are carried out by employees and in a separate study by Gartner around 62% of malicious internal actors were found to be financially motivated. All is not lost, however, because Intellesec has ways and means to protect your business.
But we’ll come to that later. In the meantime, let’s look at some insider threat examples of when financial institutions failed to prepare and paid the consequences. These are real-life examples of why it’s crucial to take the issue of insider threats seriously.
JP Morgan Chase
American investment bank, JP Morgan Chase, has suffered more than its fair share of breaches at the hands of unscrupulous ex-employees. In 2014, a former banker was alleged to have sold the personal information and PIN numbers of customers. Between 2011 and 2015, an investment adviser was accused of stealing $20 million from clients to play the stock market. While another banker was alleged to have stolen $400,000 from wealthy, deceased customers by issuing ATM cards in their name and withdrawing funds.
Morgan Stanley
In 2015, one of the world’s largest financial services institutions, Morgan Stanley, was fined $1 million for allegedly failing to adequately protect customer records. A former financial adviser was accused of falsely obtaining $730,000 of confidential customer information, including names, addresses, account numbers and account values. Ironically, having advertised those details for sale, hackers infiltrated his home-server and posted the customer information for sale on the dark web themselves.
Bangladesh Bank
In 2016, hackers launched an audacious attempt to transfer $951 million of assets from Bangladesh Bank’s account at the Federal Reserve Bank of New York. The Fed was able to block 30 transactions amounting to $850 million, but $101 million was reputedly transferred to the Philippines. Just $20 million of that was ever recovered, with the rest believed to have been laundered through the casino industry. Although there is no proof of an inside threat, the Bangladesh authorities strongly suspect the hackers were aided by internal actors.
Protect your business from insider threats
Intellesec offers enterprise-grade security solutions that can safeguard the security of sensitive client data from insider threats. We can deliver detailed risk assessments of your data flow, as well as providing actionable insights and risk reduction strategies to strengthen your data security. We can also encrypt your most sensitive data at source and at rest without affecting your workflows, so can you maintain the integrity of your data at all times.
Contact Intellesec today
For more information about our email encryption solutions, or to discuss your cyber security requirement in more detail, please contact Intellesec today on 0116 3266123 or email hello@intellesec.co.uk.
