Don’t Ignore Threats From Behind the Firewall

More than half of internal data theft crimes are carried out by low- and mid-level staff.

August 16, 2011
/ PRINT / ShareShare / Text Size +

For decades, community financial institutions have been under constant barrage from unrelenting legions of cyber threats hell-bent on attacking any vulnerability that can be exploited to gain access to sensitive information.

As a result, financial institutions have fortified their network perimeters with sophisticated security controls to repel incoming cyber attacks. These defensive strategies are highly effective at protecting institutions from threats that originate outside the firewall.

However, they offer little protection for the zones within the network that are most susceptible to malicious activity—the internal infrastructure behind the firewall.

Insider threats

Ever since several high-profile research firms began conducting annual data breach and fraud studies in the mid-2000s, the data has indicated that financial institutions are far more likely to experience a significant data breach originating from an internal threat rather than an external source.

Still, many institutions continue to commit a disproportionate amount of resources toward protecting the network from external threats than shielding the internal network from data leakage.

A 2010 study conducted by the Verizon Business RISK team in cooperation with the U.S. Secret Service found that the percentage of breaches stemming from an internal threat doubled between 2008 to 2009.

The vast majority of those incidents were the result of deliberate and malicious activity in which confidential data was either exfiltrated or money was embezzled from the company.

One of the most alarming conclusions the study found is that 85% of these internal attacks weren’t even considered “highly difficult.” More than half of the data theft crimes were carried out by employees in low- and mid-level positions.

When armed with this information, most organizations will probably agree that a “rogue user” who has authentic privileges and on-demand access to their internal systems poses much more of a clear and present danger than an external hacker that’s separated from a system by several layers of complex security.

Because most successful attacks originate behind the firewall, isn’t it common sense to perform periodic testing on these high-risk zones?

Next: Balanced testing

Post a comment to this story


What's Popular

Popular Stories

Recent Discussion

Great article! Unfortunately, most employees don’t feel valued or appreciated by their supervisors or employers. In fact, research has shown that the predominant reason team members quit their jobs is because they don’t feel valued. This is in spite of the fact that employee recognition programs have proliferated in the workplace – over 90% of all organizations in the U.S. has some form of employee recognition activities in place. But most employee recognition programs are viewed with skepticism and cynicism – because they aren’t viewed as being genuine in their communication of appreciation. Getting the “employee of the month” award, receiving a certificate of recognition, or a “Way to go, team!” email just don’t get the job done. How do you communicate authentic appreciation? We have found people have different ways that they want to be shown appreciation, and if you don’t communicate in the language of appreciation important to them, you essentially “miss the mark”. Additionally, employees need to receive recognition more than once a year at their performance review. Otherwise, they view the praise as “going through the motions”. A third component of authentic appreciation is that the communication has to be about them personally – not the department, not their group, but something they did. Finally, they have to believe that you mean what you say. How you treat them has to match the words you use. If you are not sure how your team members want to be shown appreciation, the Motivating By Appreciation Inventory (www.appreciationatwork.com/assess) will identify the language of appreciation and specific actions preferred by each employee. You then can create a group profile for your team, so everyone knows how to encourage one another. Remember, employees want to know that they are valued for what they contribute to the success of the organization. And communicating authentic appreciation in the ways they desire it can make the difference between keeping your quality team members or having a negative work environment that everyone wants to leave. Paul White, Ph.D., is the co-author of The 5 Languages of Appreciation in the Workplace with Dr. Gary Chapman.

Your Say: Who should be Credit Union Magazine's 2014 CU Hero of the Year?

View Results Poll Archive