Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More

Insider Threats: The Hidden Enemy Within Financial Services

Financial services organizations already face a dizzying array of external threats, but just as dangerous and often harder to spot are the threats posed by people inside their firm, according to the Trustwave SpiderLabs' Financial Services Deep Dive: Insider Threat.

The report noted that insider threat attacks have become more common over the past year, with 40% of organizations reporting more frequent insider threat attacks compared to previous years. Additionally, organizations face more than just one instance of an insider threat. Over the past 12 months, 45% of organizations report that more than five instances have occurred.

The Insider Threat report, a supplement to the just-released 2024 Trustwave Risk Radar Report: Financial Services Sector, pointed out the particularly nefarious and hard-to-defend nature of insider threats. Primarily, while conventional cyber threats generally must find their way into an organization, an internal employee has already made that leap.

Adding to defenders' frustration, employers often overlook this problem because it is considered secondary to ransomware, phishing, and other prominent cyber issues.

Breaking Down the Insider Threat

To help organizations better understand this threat, the Trustwave SpiderLabs report breaks down the different types of insider threats, how they operate, and the methods outside actors use to recruit employees to do their bidding.

The first type of threat is the unintentional insider threat. An unintentional threat might sound benign, but it can be as dangerous as a direct attack.

An unintentional insider threat is a person who, through negligence or by accident, makes an error that gives an attacker an initial foothold in an organization. Examples include clicking on a malicious link in a phishing email, accidentally disclosing data or information, or losing documents that contain sensitive data.

Next are intentional insider threats, which fall into two categories: malicious and collusive.

Malicious insiders are employees who intentionally inflict damage on their employers, often motivated by personal gain or grievances. Such individuals might sabotage critical company databases to disrupt operations as a form of retribution.

On the other hand, collusive insider threats involve an employee conspiring with external threat actors to undermine the organization. This method of collusion is a common strategy employed by groups like LAPSUS$ to establish a preliminary breach in a company's security infrastructure.

The report covers how these individuals are often recruited and shows “Help Wanted” ads posted on the Dark Web that seek people to infiltrate their company.

Keeping the Insiders Out

The report also equips financial services companies with the tools to combat the threat malicious insiders pose. These include:

  1. Enhanced Vetting
  2. Continuous Monitoring
  3. Access Controls
  4. Security Training

Additionally, Trustwave SpiderLabs recommends organizations examine their network to remove, lock down, or monitor legitimate tools, like TeamViewer, that a threat actor can leverage to gain access.

The report concludes that insider threats will always be a problem for any organization, but the achievable goal is to reduce the potential for unintentional insider threats and have strong detection and response measures for the malicious type using EDR telemetry and threat hunts.

Please download Trustwave SpiderLabs’ special report, Financial Services Deep Dive: Insider Threat, for the complete rundown on insider threats and how to mitigate this problem.
