Threats from Within: Social Engineering to Malicious Intent

Mistakes happen every day within financial services organizations due to the complexity of the organization, system integrations, and procedural events. Most mistakes cause no harm, but one incident, if not identified, can result in data exfiltration, financial loss, and regulatory fines. Twitter’s recent insider incident has highlighted the significant reputational and monetary cost of the failure to identify insider threats. To minimize risk without dramatically increasing the budget, a non-negotiable culture of cybersecurity throughout the organization is required. 

There is no one-size-fits-all solution, and a majority of financial services organizations have components of a culture in place. However, the shift to remote work has significantly raised the threat profile of insiders. Organizations must respond to the new cybersecurity landscape and adjust their procedures and culture accordingly. This report will look at malicious insiders, non-malicious insiders, and accidental threats that can be identified and mitigated before a financial loss occurs. The report will also highlight how the threat landscape, both economic and situational, has been negatively affected by the coronavirus lockdowns.

Key questions discussed in this report:

• Where do the primary risks reside within the financial services industry?
• What type of behavior needs to be monitored for? 
• What does a culture of cybersecurity look like when implemented?

The data in this report was primarily collected from a random sample of 506 cybersecurity professionals conducted in May 2020.