Beware of the threat from within, Gartner warns banks

27 Aug 2004

Financial service providers like banks are extremely vulnerable from computer attacks, particularly from within their own companies, warns Gartner. The tech analyst estimates that by 2008, insiders working alone or with outsiders will account for the majority of financial losses from the unauthorised use of computers and networks in financial institutions.

Gartner pointed to research revealed earlier this week by the US Secret Service and the Carnegie Mellon University Software Engineering Institute’s Insider Threat Study, which examined 23 insider attacks between 1996 and 2002. The research found that most insider attacks – some 87pc by authorised individuals using legitimate commands for illegal purposes – involved technologically unsophisticated techniques.

Some 83pc of insider attacks occurred from within the company’s physical premises and during normal working hours. Most were motivated by the desire for financial gain rather than the desire to damage the financial institution.

The financial loss from the attacks was significant, with 30pc of institutions reporting losses in excess of US$500k (€413,989).

The research by the US Secret Service, Gartner says, confirmed its own earlier research that showed that insiders represent a significant and underappreciated class of threat agent, with the problem accounting for the majority of financial losses from unauthorised use of computers and networks by 2008.

Advising financial institutions to be vigilant, Gartner analyst Ricard De Lotto advises that firms should immediately conduct a confidential inventory of individuals and groups with a fiscal or other interest in the company’s future; detailed knowledge of the company’s business processes, applications, technology infrastructure or control mechanisms; or the opportunity to access or influence the company’s processes.

Financial institutions should also determine whether these parties could possess the technical ability and the means to damage the company’s systems or misuse information.

Firms must reduce or eliminate the threat wherever possible by taking steps such as changing passwords and access rights immediately when an insider’s status changes; such as when an employee leaves, relationships with auditors or suppliers change or when consultants complete a project.

“Insider threats will never be eliminated completely. However, stakeholder risk analysis of this type can significantly limit these threats. Reduce blind spots and institutional bias by having your research, analysis and response plans studied by both outside specialists and legal counsel,” De Lotto recommends.

By John Kennedy