Insiders increasingly linked to data breaches in the financial sector

Employees are increasingly responsible for data breaches at financial institutions, according to the US Computer Emergency Response Team (CERT).

Losses to financial firms linked to managers, sales staff and other non-technical personnel average about $800,000 per organisation, according to the US-CERT at Carnegie Mellon University's Software Engineering Institute.

The continued stress of the current economy on the workplace is impacting and exacerbating the potential for insider threat, CERT chief scientist Gregory Shannon told a Congressional finance sub-committee this week, according to US reports.

"Organisations are working hard to build walls around their network infrastructure to keep people out, but are having a difficult time defending against potential menaces that are already on the inside of the fence," he said.

Shannon also highlighted that insider crimes in the financial services sector are not limited to fraud, but also include theft of intellectual property and insider IT sabotage.

The US-CERT is working with the US Secret Service and Treasury Department to develop an insider threat model aimed at defending the financial sector.

The FBI is investigating more than 400 reported cases of corporate account takeovers in which hackers have attempted unauthorised transfers from businesses' bank accounts, representing losses of around $85m to the companies involved.

In conclusion, Shannon emphasised the need for a robust cyber workforce. "An educated and equipped workforce is essential to handling the cyber threat to financial institutions," he said.

Shannon said the rapid changes and dynamic nature of cybersecurity make keeping the workforce up to date a very challenging problem, but added that, in training cyber professionals, the financial sector should look to the virtual training environments used by the US-CERT for the federal workforce.


