Insider threat



According to the recent IBM X-Force report covering data breaches in Financial Services sector throughout 2016, the majority of such events was caused by insiders.

The study was based on publicly reported security incidents for the whole of 2016. According to the report we face a tremendous wave of such incidents as more than 200 million financial services records were breached throughout 2016 (937% YoY rise). Even simple access to transaction data is considered serious breach, because it can facilitate subsequent "hard" financial theft.

Financial Services was the most-attacked industry in 2016. These organisations were breached 65% more than the average in all other industries in the study. It seems that the award of financial gain is still easier and cheaper to gain for the cybercriminals than the countermeasures banks and insurers are able (and are willing) to put up. Introduction of the upcoming General Data Protection Regulation (GDPR) can increase the incentive to build more efficient protections, but it seems that we still miss the most important point here. And the report is pointing clearly to it.

Humans are still the weakest link in the IT security. Even in the financial institutions, where we expect the strongest defences to be present. That more than half of banks' breaches are caused by employees highlights the futility of their investing in cutting-edge core systems to bolster security. Most of the "insider job" cases were inadvertent in nature, i.e. the users were making either some sort of mistake or were manipulated to act against their employer security policy. Usually it's just a simple human error, lack of knowledge, training or just high time pressure, rush in meeting the deadlines, overlooking details while being extremely tired.

Still, the most vicious, the most "successful" operations are driven by the inside people with malicious intent. They account for just 5% of all data breaches, but at the same time bringing the largest losses to the subject organisations. These people know what they do and why the do it. They intentionally access the right data assets and steal them or modify them to harm the organisation. The hit is precise and easy to cover for a privileged user. All logs can be erased leaving no traces behind such activity.

It's high time to replace the simple trust in positive intentions off the insiders with efficient monitoring and documentation of their actions through Privileged Access Management systems. All errors can be tracked down and reverted in case of simple human mistake. For the malicious insiders, most of their aggressive actions can be prevented and the criminals caught red handed before any damage is actually done.


Michał Jarski

Vice President EMEA & Asia at Wheel Systems



Unexpected consequences of data breaches

Security clearances, passwords for computers and confidential communications have recently leaked from an international airport’s system. Read a commentary on the issue by Wheel Systems VP, Michal Jarski


GDPR Insider threat Data breach Privileged Access Management Fudo

Contact form

Are you interested in our products? Contact us.