Insider Threats & Higher Security in the Financial World
Phishing and pharming have been around a while although that’s not to say customers know all about them or know enough not to fall for them. Financial institutions are educating customers and are bringing in security practices with virtual keyboards and the like.
Within their own walls, institutions are aware of insider threats. But what’s of significance is that attackers are using multiple modes from start to completion of the attack. I came across a case recently where money was transferred by an expatriate in USA to his account in India. Within hours of transfer, the maximum allowed limit at the ATM was withdrawn. It would have gone on till the amount was cleaned - luckily though, he checked within hours, informed the bank and the account was sealed with the bank taking responsibility.
Attacks are not performed entirely online. Attackers are using online methods to track and keep tab on accounts - kind of Waiting for the Moment. But the final act can come via phone, ATM or any possible way to complete the financial fraud.
This combination of online and physical acts makes security for the institution difficult since audits can only reveal the reconnaissance element. Most institutions aren’t exactly watching this information carefully. It takes an attack before forensics come into picture to figure out who was doing the reconnaissance. And that’s too late.
Every insider has an actual work pattern – and a needed work pattern based on the work responsibilities. A wide gap in the two or a significant deviation in the actual work pattern ought to get the institution’s hackles up with controls kicking in instantly. Now that’s possible with integrating identity tightly with security rather than let identity do its job while security performs its own. Not enough in today’s insider world.
Similarly, on the customer front, one needs to understand the customer’s pattern of functioning – significant deviations must create alerts. They can be on a range of parameters like – times of withdrawal, amounts, locations where ATMs, debit or credit cards are used and more. And if it is online share trading, the amount, transactions, in a day, week and so on. Such intelligence both within their walls and on the customer front is the current needed step.
Our CEO, Hemal Patel will be at the FSI World Congress, Singapore from November 18-19, speaking on insider threats and higher security in the FSI World. If you aren’t going to be at the event, watch this space for post-event highlights.
Within their own walls, institutions are aware of insider threats. But what’s of significance is that attackers are using multiple modes from start to completion of the attack. I came across a case recently where money was transferred by an expatriate in USA to his account in India. Within hours of transfer, the maximum allowed limit at the ATM was withdrawn. It would have gone on till the amount was cleaned - luckily though, he checked within hours, informed the bank and the account was sealed with the bank taking responsibility.
Attacks are not performed entirely online. Attackers are using online methods to track and keep tab on accounts - kind of Waiting for the Moment. But the final act can come via phone, ATM or any possible way to complete the financial fraud.
This combination of online and physical acts makes security for the institution difficult since audits can only reveal the reconnaissance element. Most institutions aren’t exactly watching this information carefully. It takes an attack before forensics come into picture to figure out who was doing the reconnaissance. And that’s too late.
Every insider has an actual work pattern – and a needed work pattern based on the work responsibilities. A wide gap in the two or a significant deviation in the actual work pattern ought to get the institution’s hackles up with controls kicking in instantly. Now that’s possible with integrating identity tightly with security rather than let identity do its job while security performs its own. Not enough in today’s insider world.
Similarly, on the customer front, one needs to understand the customer’s pattern of functioning – significant deviations must create alerts. They can be on a range of parameters like – times of withdrawal, amounts, locations where ATMs, debit or credit cards are used and more. And if it is online share trading, the amount, transactions, in a day, week and so on. Such intelligence both within their walls and on the customer front is the current needed step.
Our CEO, Hemal Patel will be at the FSI World Congress, Singapore from November 18-19, speaking on insider threats and higher security in the FSI World. If you aren’t going to be at the event, watch this space for post-event highlights.
Labels: Financial Fraud, Financial Institutions, Insider Threats, Network Security, Pharming, Phishing
posted by Harish Chib at
2:40 PM
0 Comments:
Post a Comment
Subscribe to Post Comments [Atom]
Links to this post:
Create a Link
<< Home