Employees are increasingly responsible for data breaches at financial institutions, according to the US Computer...
Emergency Response Team (CERT).
Losses to financial firms linked to managers, sales staff and other non-technical personnel average about $800,000 per organisation, according to the US-CERT at Carnegie Mellon University's Software Engineering Institute.
The continued stress of the current economy on the workplace is impacting and exacerbating the potential for insider threat, CERT chief scientist Gregory Shannon told a Congressional finance sub-committee this week, according to US reports.
"Organisations are working hard to build walls around their network infrastructure to keep people out, but are having a difficult time defending against potential menaces that are already on the inside of the fence," he said.
Shannon also highlighted that insider crimes in the financial services sector are not limited to fraud, but also include theft of intellectual property and insider IT sabotage.
The US-CERT is working with the US Secret Service and Treasury Department to develop an insider threat model aimed at defending the financial sector.
The FBI is investigating more than 400 reported cases of corporate account takeovers in which hackers have attempted unauthorised transfers from businesses' bank accounts, representing losses of around $85m to the companies involved.
In conclusion, Shannon emphasised the need for a robust cyber workforce. "An educated and equipped workforce is essential to handling the cyber threat to financial institutions," he said.
Shannon said the rapid changes and dynamic nature of cybersecurity make keeping the workforce up to date a very challenging problem, but said in training cyber professionals, the financial sector should look to virtual training environments used by the US-CERT for the federal workforce.