Western Independent Banker - September/October 2008 - (Page 11)

By Ted Keniston What to Do When Good Employees Go Bad! THE GOOD-INTENTIONED BANK employee can quickly turn into an account information thief at the blink of an eye, resulting in direct loss risk, risk to your bank’s reputation, compliance risk and liability risk. Your network’s worst enemy could be right on your payroll unknowingly to you, but just how wide-spread is this problem? According to a CSI 2007 Computer Crime and Security Survey, insider abuse of network access or e-mail was cited as the most prevalent security problem. (Results were based on the responses of 494 computer security practitioners in U.S. financial institutions, corporations, government agencies, medical institutions and universities.) The majority of the respondents were in the financial industry. A similar study suggests the same notion. The Insider Threat Study produced by the U.S. Secret Service and the Computer Emergency Readiness Team (CERT) notes that 78 percent of incidents examined in the report were committed by insiders who were authorized users with active computer accounts at the time of the incident. The study focused on illicit cyber activity in the banking and finance sector. In 43 percent of the cases, the insider used his or her own username and password to carry out the incident. With online access to internal resources, knowledge of system configurations and the ability to circumvent intrusion prevention and detection systems, employees can breach networks with ease. Although employees have many motives behind their dark, slippery slope to the underground such as revenge; a desire for respect or dissatisfaction with company management, culture or policies, the number one motivation for insider attacks is still financial gain. In fact, 81 percent of the respondents in the Insider Threat Study listed financial gain as their motive and goal. Twenty-seven percent of the employees were experiencing financial difficulty at the time of the incident. Understanding the myths behind the malicious operation of bank employees is, perhaps, the first step in proactively working to reduce the number of good employees going bad. One of the myths that is often considered by management is that insider attacks require technical sophistication in order to be executed. The truth is, most incidents require little technical sophistication and are carried out by employees with little or no technical expertise. In 87 percent of the cases examined in the Insider Threat Study, employees used simple, legitimate user commands like exploiting non-technical vulnerabilities in business rules or organization policies rather than vulnerabilities in an information system or network. Only 23 percent of the insiders were employed in technical positions and fewer had system administrator access. The thought of insider attacks as unpredictable is yet another myth that should be debunked. Most insider incidents are thought out and planned in advance. The Insider Threat Study lists an astounding 81 percent of such cases. There is also a high likelihood that someone else would have knowledge of those plans whether it is a coworker, friend or family member. There are also behavior patterns that should be noted. This includes: increasing complaints to supervisors regarding salary dissatisfaction, increased cell phone use at the office, refusal to work with new supervisors and isolation from co-workers. You will also find a high percentage of employees who commit incidents while on the job and during normal working hours, but many take advantage of their job’s network from home using remote access. Additionally, it is likely that employees who commit insider crimes have criminal backgrounds. The greatest impact of insider incidents is financial loss suffered by the victim bank. The severity of the loss is an indication that banks should take a close look at overall business processes in addition to information technology security. Listed below are several keys to reducing the risk of insider attacks at your bank: The Insider Threat Study produced by the U.S. Secret Service and the Computer Emergency Readiness Team (CERT) notes that 78 percent of incidents examined in the report were committed by insiders who were authorized users with active computer accounts at the time of the incident. Western Independent Banker September/October 2008 11

Table of Contents Feed for the Digital Edition of Western Independent Banker - September/October 2008

Western Independent Banker - September/October 2008 Contents A Message from the President & CEO What To Do When Good Employees Go Bad! Remote Deposit Capture: What’s Your Target Market? Remote Deposit Capture: Lessons Learned Debit Decoupling: Part of Larger Merchant Funding Trend Debit at the Speed of Life: A Look at Debit Technologies on the Rise ID Theft Rule: Automating the Compliance Process Lose Paper and Gain Audit Trails Data Loss Prevention: A New Package on an Old Idea Securing Data in Transit Margin Management: Get in the Driver’s Seat Shopping for Cyber Insurance WIB Service Corporation Report WIB Calendar Welcome New Members Index to Advertisers advertiser.com

Western Independent Banker - September/October 2008

For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.