Insider Threats: The Hidden Enemy Within Financial Services

September 11, 20242 Minute Read

Financial services organizations already face a dizzying array of external threats, but just as dangerous and often harder to spot are the threats posed by people inside their firm, according to the Trustwave SpiderLabs' Financial Services Deep Dive: Insider Threat.

The report noted that insider threat attacks have become more common over the past year, with 40% of organizations reporting more frequent insider threat attacks compared to previous years. Additionally, organizations face more than just one instance of an insider threat. Over the past 12 months, 45% of organizations report that more than five instances have occurred.

The Insider Threat report, a supplement to the just released 2024 Trustwave Risk Radar Report: Financial Services Sector, pointed out the particularly nefarious and hard-to-defend nature insider threats pose. Primarily, while conventional cyber threats generally must find their way into an organization, an internal employee has already made that leap.

Adding to the defender's frustration level is that employers often overlook this problem as it is considered secondary compared to the threat of ransomware, phishing, and other prominent cyber issues.

Breaking Down the Insider Threat

To help organizations better understand this threat, the Trustwave SpiderLabs report breaks down the different types of insider threats, how they operate, and the methods outside actors use to recruit employees to do their bidding.

The first type of threat is the unintentional insider threat. Being unintentional might sound benign but can be as dangerous as a direct attack.

An unintentional insider threat is a person who, through negligence or by accident, makes an error leading to an attacker gaining an initial foothold in an organization. For example, clicking on a malicious link in a phishing email, accidentally disclosing data/information, or losing documents that contain sensitive data.

The next are intentional insider threats, which fall into two categories: malicious and collusive.

Malicious insiders are employees who intentionally inflict damage on their employers, often motivated by personal gain or grievances. Such individuals might sabotage critical company databases to disrupt operations as a form of retribution.

On the other hand, collusive insider threats involve an employee conspiring with external threat actors to undermine the organization. This method of collusion is a common strategy employed by groups like LAPSUS$ to establish a preliminary breach in a company's security infrastructure.

The report covers how these individuals are often recruited, including showing "Help Wanted" ads posted on the Dark Web looking for people to infiltrate their company.

Keeping the Insiders Out

The report also equips financial services companies with the tools to combat the threat malicious insiders pose. These include:

1. Enhanced Vetting
2. Continuous Monitoring
3. Access Controls
4. Security Training

Additionally, Trustwave SpiderLabs recommends organizations examine their network to remove, lock down, or monitor legitimate tools, like TeamViewer, that a threat actor can leverage to gain access.

The report concludes that insider threats will always be a problem for any organization, but the achievable goal is to reduce the potential for unintentional insider threats and have strong detection and response measures for the malicious type using EDR telemetry and threat hunts.

Please download Trustwave SpiderLabs' special report: Financial Services Deep Dive: Insider Threat for the complete run down on insider threats and how to mitigate this problem.

Trustwave SpiderLabs Research: Phishing Behind 49% Attacks Against Financial Institutions

Cybersecurity Threat Briefing for Organizations Under the SOCI in Australia

Trustwave Named Frost & Sullivan Company of the Year