The Threat from Within

Protecting banks during the challenge of COVID-19 and a reduced staff

Just as banks use every tool at their disposal to maximize revenue opportunities and manage their ledger, they must take the same approach when it comes to security. New challenges with COVID-19, banks operating with a reduced staff and employees working from home require an updated and more diligent security plan. Insider threat programs are a key component to an overall security plan.

While financial institutions implement some level of security, they can improve their security and insider threat programs by leveraging the latest security technologies. Cross-department collaboration, a practice that challenges organizations, is an extremely helpful part of the solution but is often the hardest to execute. Combining the right mix of technology and security staff will better protect financial institutions from insider threats and help meet COVID-19 guidelines.

The biggest risk to financial institutions is the possibility of bank employees accessing private user account data, including account numbers, which can be printed, emailed, saved and sold to bad actors for a high dollar amount. Most banks have deployed an access control system to manage access throughout their complicated environment. Access control systems collect large amounts of employee access data on a daily basis. While the amount of data collected is overwhelming and difficult to manage, it is extremely useful when trying to identify potential risks.

An analytics system can process access control data and assist with insider threat and COVID-19 challenges. Deploying an analytics system alongside an access control and identity management system can help leverage data to identify risks through anomalous behaviors by tracking an employee’s access history and behavior patterns.

HOW ANALYTICS SYSTEMS WORK

People are creatures of habit and have daily work routines based on where they enter a building, what elevator they use, the location of their office or desk. Over time, employees establish their work patterns and the analytics system learns what doors they enter and exit and when they move about. It understands their behavior. The analytics system applies a risk score based on people, location and time.

The score is higher for a person who has access to critical areas such as the data center. A location score would be higher on a data center card reader than a cafeteria door, and scores are lower during the workday and higher during off times.

By understanding an employee’s habits and applying scores to the readers throughout a facility, an overall risk score is established for each employee. Baseline scores demonstrate normal behavior. However, if an employee tries to enter a bank in the middle of the night, the behavior would raise the score.

When a person’s risk score rises above normal, an alert in the dashboard notifies the security team. They can then review the specific employee’s behavior and see if the suspicious behavior is an anomaly or requires further action. Maybe the employee was working late on a project and needed to get into another department that he didn’t have access to after-hours. Or maybe the employee is searching for account data to sell.
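The scoring described above, sketched as an added example that is not from the article or any vendor's product: each swipe is scored by person, location and time, summed per day, and compared with the employee's own baseline. The weights, reader names, employee names and the three-standard-deviation threshold are all assumptions, and the swipe data is constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Assumed weights for illustration; a real deployment would tune these.
READER_WEIGHT = {"lobby": 1.0, "cafeteria": 1.0, "office-3f": 2.0, "datacenter": 5.0}
PERSON_WEIGHT = {"alice": 2.0, "bob": 1.0}  # alice holds data center access

def time_weight(ts):
    """Lower during the workday (Mon-Fri, 07:00-19:00), higher in off times."""
    return 1.0 if ts.weekday() < 5 and 7 <= ts.hour < 19 else 3.0

def daily_scores(swipes):
    """Sum person x location x time scores per (person, date)."""
    totals = defaultdict(float)
    for person, reader, stamp in swipes:
        ts = datetime.fromisoformat(stamp)
        totals[(person, ts.date())] += (
            PERSON_WEIGHT[person] * READER_WEIGHT[reader] * time_weight(ts))
    return totals

def alerts(baseline, new, k=3.0):
    """Flag days whose score exceeds the person's baseline mean + k * stddev."""
    history = defaultdict(list)
    for (person, _day), score in daily_scores(baseline).items():
        history[person].append(score)
    flagged = []
    for (person, day), score in sorted(daily_scores(new).items()):
        past = history.get(person)
        if not past:
            continue  # no baseline yet, nothing to compare against
        limit = mean(past) + k * max(pstdev(past), 1.0)  # floor avoids zero spread
        if score > limit:
            flagged.append((person, day.isoformat(), score, limit))
    return flagged

def routine(person, day, extra=()):
    """Constructed sample data: one ordinary workday of swipes, plus extras."""
    stops = [("lobby", "08:05"), ("office-3f", "08:10"), ("cafeteria", "12:30")]
    return [(person, r, f"{day}T{t}:00") for r, t in stops + list(extra)]

BASELINE = [s for d in ("2020-09-07", "2020-09-08", "2020-09-10", "2020-09-11")
            for p in ("alice", "bob") for s in routine(p, d)]
BASELINE += routine("alice", "2020-09-09", [("datacenter", "14:00")])
BASELINE += routine("bob", "2020-09-09")
NEW = (routine("alice", "2020-09-14") + routine("bob", "2020-09-15")
       + routine("alice", "2020-09-15", [("datacenter", "02:10")]))

if __name__ == "__main__":
    print(alerts(BASELINE, NEW))
```

A daytime data center visit is already part of alice's baseline, so only the 02:10 swipe pushes her daily score over the limit; the alert is a prompt for review, not a verdict.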

An analytics system flags possible early warning signs and alerts the security team to keep a better watch on the situation. Having insight early could prevent a possible breach or crisis because the security team can start to watch the behavior more closely. It will also provide HR teams and management just cause to investigate and confront the employee about the suspicious activity.

Obtaining this level of insight from your access data is only possible using an analytics system.

LEAST PRIVILEGED ACCESS HELPS MEET COMPLIANCE

When employees start a job, they are given an access card. Often that access card allows them access to many more areas than they need to perform their job, creating a risk. Tightly controlling employee access helps prevent risk. Using an identity management system, banks must implement the least privileged access approach, which gives employees access to only the areas they need to perform their jobs.

Access to additional areas must be requested by the employee. Access is granted for a predetermined amount of time and is automatically deactivated when the time limit expires. The system provides an electronic log of all requests and an audit trail to prove compliance. Least Privileged Access works well in heavily regulated industries such as banking. Financial institutions can match up timeframes with regulations to meet compliance.

Each department within a bank works with different files and uses its own standards to complete work. Based on the security program’s rules, the security team should know exactly who within the department should have access to the files, who outside the department is accessing those files, and monitor who tries to get access to those files.
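A sketch of the time-boxed grant and audit trail described in the two paragraphs above, added here as an example and not taken from the article or any identity management product. The class, method, area and employee names are hypothetical and the scenario is constructed.

```python
from datetime import datetime, timedelta

class AccessLedger:
    """Time-boxed area grants on top of standing access, with an append-only log."""

    def __init__(self, standing):
        self.standing = standing   # employee -> areas needed for the job
        self.grants = []           # (employee, area, start, end)
        self.audit = []            # (timestamp, event, employee, area, detail)

    def request(self, employee, area, now, hours, approver):
        """Record an approved request; the grant carries its own expiry."""
        end = now + timedelta(hours=hours)
        self.grants.append((employee, area, now, end))
        self.audit.append((now, "grant", employee, area,
                           f"approver={approver} until={end.isoformat()}"))
        return end

    def swipe(self, employee, area, now):
        """Decide at swipe time, so expiry does not depend on a cleanup job."""
        if area in self.standing.get(employee, set()):
            result = "standing"
        elif any(e == employee and a == area and start <= now < end
                 for e, a, start, end in self.grants):
            result = "temporary"
        else:
            result = "denied"
        self.audit.append((now, "swipe", employee, area, result))
        return result != "denied"

    def denied_attempts(self, area):
        """Audit query: who tried to enter an area without valid access."""
        return [(ts.isoformat(), emp) for ts, ev, emp, a, detail in self.audit
                if ev == "swipe" and a == area and detail == "denied"]

def demo():
    """Constructed scenario: a loan officer needs the records room for one evening."""
    t0 = datetime(2020, 9, 14, 17, 0)
    ledger = AccessLedger({"carol": {"lobby", "loans-2f"}})
    before = ledger.swipe("carol", "records-room", t0)
    ledger.request("carol", "records-room", t0 + timedelta(minutes=5),
                   hours=4, approver="security-desk")
    during = ledger.swipe("carol", "records-room", t0 + timedelta(hours=2))
    after = ledger.swipe("carol", "records-room", t0 + timedelta(hours=5))
    return before, during, after, ledger.denied_attempts("records-room")

if __name__ == "__main__":
    print(demo())
```

Denied swipes are logged alongside granted ones, which is what lets the security team see who tried to reach an area as well as who got in.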

“Banks must monitor all card swipes in areas where physical account data resides,” said Dan Bissmeyer, G4S director of business development. “Anyone from outside that section of the building or another department could possibly be fishing for that data.”

COVID-19 CHALLENGES

The onset of COVID-19 earlier this year brought on new challenges for financial institutions. Banks found themselves scrambling to move employees home to work. Entire security operations centers and call centers needed to operate from home. Although considered essential, headquarters operations and branches operated with skeleton crews to serve customers.

Insider threat programs are set up to monitor employees, limit access, track how a person might be trying to access areas and information, and respond quickly to mitigate risk. Layers of security, using people and technology, are put in place to protect the company.

“Remote work makes it incredibly difficult to keep an eye on people,” Bissmeyer said. “You lose what you had in your layers of security with physical access, identity management and analytics.”

In a remote setting, a bank must rely on its logical controls to monitor when employees log in and what they are accessing. However, the loss of physical containment is a huge challenge. When operating inside a bank, the employee is surrounded by layers of security that are put in place to protect them and the data they manage. When working remotely, an employee can work anywhere, exposing data on an open laptop to roommates or friends. Printing at home is especially dangerous. Financial hardships due to COVID-19 and the economy may also tempt employees to generate fraudulent loans.

While banks have remained open, they are slowly bringing back more employees to the workplace as restrictions are lifted. The right technology can help with the transition. An analytics system can help a bank remain in compliance and show proof that the bank is operating according to policy. If a bank is running at 50 percent capacity in their buildings, the security team can pull up a dashboard that shows exact capacity at any moment. This ensures they are following the proper health guidelines imposed by authorities and they will meet internal and external compliance standards, which help preserve the bank’s integrity and reputation.

Banks can use contact tracing tools to track employees who may have been near a person who tested positive for COVID-19. If a person tested positive or was exposed, those who have been exposed to that person could easily be identified. Visitor management systems can control and authorize visitors before they arrive. A temporary card can be used from the phone via a QR card reader, eliminating the need to touch a card. Visitors can be required to answer COVID-19 related questions and remotely sign policy documents before being allowed access to a building, ensuring compliance while keeping employees safe from exposure to the virus.

Security officers can capture events using the data from other systems to contain and recover, preventing the spread of infection. Proper tracking of COVID-19 diagnoses and all events within an incident management system will help the bank remain in compliance.

CROSS COLLABORATION

Deploying the best technologies can help provide a powerful and comprehensive insider threat and security program, but to have a top-notch program, an organization must have cross-collaboration between its departments. Key stakeholders from HR, legal, IT, facilities and compliance should meet regularly with the security team.

“Reach out and discuss the benefits of having a strong relationship with different departments to not only help build an insider threat program and improve security overall, but to benefit the company as a whole,” Bissmeyer said. “Eliminating silos and working cross-functionally is the only way to have a first-rate security program.”

Different departments perform different investigations and cross-communication could streamline the process and benefit other programs such as workplace violence, business continuity, and crisis management. All of these programs touch other departments. Invite members from these departments to attend regular staff meetings, and request to have someone from the security department at their meetings. Understanding what is happening in other departments eliminates surprises and helps each team be more proactive.

Together, establish workflows for when incidents or crises are identified. Dynamic, distributed and auditable workflows will create a streamlined response and improve reaction time. COVID-19 challenged all aspects of the banking business. Implementing cross-collaboration communication and workflows, along with the right technologies, will help banks be better prepared for the next crisis.

This article originally appeared in the September 2020 issue of Security Today.
