Independent Banker - August 2018 - 35
Next: How to deal with offsite compliance
cybersecurity incidents, " says Mark Weatherford, senior vice
president and chief cybersecurity strategist for vArmour, and
former deputy undersecretary for cybersecurity at the Department
of Homeland Security. " People are typically helpful by
nature, and in a service industry like finance, it is essential and
necessary. This is what makes community banking employees
susceptible to social engineering. "
Phishing specifically, and social engineering more broadly,
allows attackers to assume trusted insider positions. Weatherford
points out that this can give them access to everything
those trusted insiders have available to them. This is what often
results in cyber-enabled financial fraud. " While JP Morgan
Chase & Co. can afford to spend $500 million each year on
cybersecurity-related activities, including continuous employee
training and security tools used to protect employees from
themselves, " Weatherford says, " most community banks can't
expect to even get near that percentage of funding. "
Further exacerbating the issue of insider threat is the
ever-increasing concentration of computer power and network
access provided to so-called privileged users-people
within a company who have been given special powers within
that company's network. When asked who posed the biggest
internal threat to corporate data, 55 percent of respondents
to the 2015 Vormetric Insider Threat Report identified privileged
users, followed by contractors, service providers and
business partners. Traditionally, network defense focused
outward, reacting to potential hacks and breaches coming
from parties outside the firewall. Today, the focus is broader.
Privileged users
With this in mind, it's not surprising that less than one-third
of IT security pros feel confident about identifying insider
threats, with third-party and employee access their biggest
concerns, according to a report by Atlanta-based identity and
access management firm Bomgar. Also, a full three-quarters
of respondents to Bomgar's Privileged Access Threat Report
2018 have seen the number of vendors with access to their
networks increase in the past year, and 33 percent believe they
spend too little time monitoring third-party vendor access.
It is not necessarily the malicious employees who are
doing the most harm. Research from Forrester shows that
the greatest volume of security breaches (36 percent) comes
from employees simply inadvertently misusing data.
" Community banks tend to distinguish themselves from
large banks as closer to customers, and more friendly, which
can be a bit at odds with security protocols, " says Seth P.
Berman, a partner and leader of the privacy and data security
practice group at Nutter McClennen & Fish LLP.
In 2015, 60 percent of breaches came through insiders,
according to IBM. And that issue has only grown more prevalent.
The EY Global Banking Outlook 2018 reports roughly nine out
of 10 (89 percent) banks rank enhancing data security as a top
priority for 2018. Oleg Kolesnikov, director of cybersecurity
and threat research at Securonix, believes that in light of the
recent series of banking compromises-including Moneytaker,
Lazarus and others-insiders represent a " significant risk. "
Kolesnikov points to the $1.8 billion Society for Worldwide
Interbank Financial Telecommunications (SWIFT)
compromise at Punjab National Bank (PNB). In February
2018, two bank employees-a loan manager with a young
" People are typically helpful
by nature, and in a services
industry like finance,
[cybersecurity] is essential
and necessary. "
-Mark Weatherford, vArmour
subordinate-colluded with a loan recipient and misused
their access to SWIFT to send more than 150 fraudulent
letters of undertaking over a period of more than a year,
exploiting a loophole in the internal controls (CBS) to avoid
detection. (Based on publicly available details, there was no
automated monitoring or security analytics in place. A lack of
integration between SWIFT and CBS logs meant employees
were required to manually log activity, effectively watching
over themselves.) The activity went undetected for a significant
period of time, and no Suspicious Transaction Report
(STR) of First Information Report (FIR) was filed until nearly
$2 billion was stolen.
" The risk from employees is very serious and very high
regardless of the size of the bank, " says Sean Feeney, CEO of
DefenseStorm. He adds that big money center banks " have
thousands of people focused on cybersecurity and cyber fraud; a
community bank cannot match that. " When it comes to threats
from employees, the issue is particularly pronounced-70
percent of audits and investments show businesses have
deficiencies in monitoring insider threat, and three-quarters
(75 percent) of all insider threats go unnoticed, according to
research from SANS.
Karen Epper Hoffman is a writer in Washington state.
independentbanker.org Q 35
http://www.independentbanker.org
Independent Banker - August 2018
Table of Contents for the Digital Edition of Independent Banker - August 2018
Table of Contents
Independent Banker - August 2018 - Intro
Independent Banker - August 2018 - Cover1
Independent Banker - August 2018 - Cover2
Independent Banker - August 2018 - Table of Contents
Independent Banker - August 2018 - 2
Independent Banker - August 2018 - 3
Independent Banker - August 2018 - 4
Independent Banker - August 2018 - 5
Independent Banker - August 2018 - 6
Independent Banker - August 2018 - 7
Independent Banker - August 2018 - 8
Independent Banker - August 2018 - 9
Independent Banker - August 2018 - 10
Independent Banker - August 2018 - 11
Independent Banker - August 2018 - 12
Independent Banker - August 2018 - 13
Independent Banker - August 2018 - 14
Independent Banker - August 2018 - 15
Independent Banker - August 2018 - 16
Independent Banker - August 2018 - 17
Independent Banker - August 2018 - 18
Independent Banker - August 2018 - 19
Independent Banker - August 2018 - 20
Independent Banker - August 2018 - 21
Independent Banker - August 2018 - 22
Independent Banker - August 2018 - 23
Independent Banker - August 2018 - 24
Independent Banker - August 2018 - 25
Independent Banker - August 2018 - 26
Independent Banker - August 2018 - 27
Independent Banker - August 2018 - 28
Independent Banker - August 2018 - 29
Independent Banker - August 2018 - 30
Independent Banker - August 2018 - 31
Independent Banker - August 2018 - 32
Independent Banker - August 2018 - 33
Independent Banker - August 2018 - 34
Independent Banker - August 2018 - 35
Independent Banker - August 2018 - 36
Independent Banker - August 2018 - 37
Independent Banker - August 2018 - 38
Independent Banker - August 2018 - 39
Independent Banker - August 2018 - 40
Independent Banker - August 2018 - 41
Independent Banker - August 2018 - 42
Independent Banker - August 2018 - 43
Independent Banker - August 2018 - 44
Independent Banker - August 2018 - 45
Independent Banker - August 2018 - 46
Independent Banker - August 2018 - 47
Independent Banker - August 2018 - 48
Independent Banker - August 2018 - 49
Independent Banker - August 2018 - 50
Independent Banker - August 2018 - 51
Independent Banker - August 2018 - 52
Independent Banker - August 2018 - 53
Independent Banker - August 2018 - 54
Independent Banker - August 2018 - 55
Independent Banker - August 2018 - 56
Independent Banker - August 2018 - 57
Independent Banker - August 2018 - 58
Independent Banker - August 2018 - 59
Independent Banker - August 2018 - 60
Independent Banker - August 2018 - 61
Independent Banker - August 2018 - 62
Independent Banker - August 2018 - 63
Independent Banker - August 2018 - 64
Independent Banker - August 2018 - 65
Independent Banker - August 2018 - 66
Independent Banker - August 2018 - 67
Independent Banker - August 2018 - 68
Independent Banker - August 2018 - 69
Independent Banker - August 2018 - 70
Independent Banker - August 2018 - 71
Independent Banker - August 2018 - 72
Independent Banker - August 2018 - 73
Independent Banker - August 2018 - 74
Independent Banker - August 2018 - 75
Independent Banker - August 2018 - 76
Independent Banker - August 2018 - 77
Independent Banker - August 2018 - 78
Independent Banker - August 2018 - 79
Independent Banker - August 2018 - 80
Independent Banker - August 2018 - 81
Independent Banker - August 2018 - 82
Independent Banker - August 2018 - 83
Independent Banker - August 2018 - 84
Independent Banker - August 2018 - 85
Independent Banker - August 2018 - 86
Independent Banker - August 2018 - 87
Independent Banker - August 2018 - 88
Independent Banker - August 2018 - 89
Independent Banker - August 2018 - 90
Independent Banker - August 2018 - 91
Independent Banker - August 2018 - 92
Independent Banker - August 2018 - 93
Independent Banker - August 2018 - 94
Independent Banker - August 2018 - 95
Independent Banker - August 2018 - 96
Independent Banker - August 2018 - 97
Independent Banker - August 2018 - 98
Independent Banker - August 2018 - 99
Independent Banker - August 2018 - 100
Independent Banker - August 2018 - 101
Independent Banker - August 2018 - 102
Independent Banker - August 2018 - Cover3
Independent Banker - August 2018 - Cover4
https://www.nxtbook.com/mspc/independentbanker/october2024
https://www.nxtbook.com/mspc/independentbanker/september2024
https://www.nxtbook.com/mspc/independentbanker/august2024
https://www.nxtbook.com/mspc/independentbanker/july2024
https://www.nxtbook.com/mspc/independentbanker/june2024
https://www.nxtbook.com/mspc/independentbanker/may2024
https://www.nxtbook.com/mspc/independentbanker/april2024
https://www.nxtbook.com/mspc/independentbanker/march2024
https://www.nxtbook.com/mspc/independentbanker/february2024
https://www.nxtbook.com/mspc/independentbanker/january2024
https://www.nxtbook.com/mspc/independentbanker/december2023
https://www.nxtbook.com/mspc/independentbanker/november2023
https://www.nxtbook.com/mspc/independentbanker/october2023
https://www.nxtbook.com/mspc/independentbanker/september2023
https://www.nxtbook.com/mspc/independentbanker/august2023
https://www.nxtbook.com/mspc/independentbanker/july2023
https://www.nxtbook.com/mspc/independentbanker/june2023
https://www.nxtbook.com/mspc/independentbanker/may2023
https://www.nxtbook.com/mspc/independentbanker/april2023
https://www.nxtbook.com/mspc/independentbanker/march2023
https://www.nxtbook.com/mspc/independentbanker/february2023
https://www.nxtbook.com/mspc/independentbanker/january2023
https://www.nxtbook.com/mspc/independentbanker/december2022
https://www.nxtbook.com/mspc/independentbanker/november2022
https://www.nxtbook.com/mspc/independentbanker/october2022
https://www.nxtbook.com/mspc/independentbanker/september2022
https://www.nxtbook.com/mspc/independentbanker/august2022
https://www.nxtbook.com/mspc/independentbanker/july2022
https://www.nxtbook.com/mspc/independentbanker/june2022
https://www.nxtbook.com/mspc/independentbanker/may2022
https://www.nxtbook.com/mspc/independentbanker/april2022
https://www.nxtbook.com/mspc/independentbanker/march2022
https://www.nxtbook.com/mspc/independentbanker/february2022
https://www.nxtbook.com/mspc/independentbanker/january2022
https://www.nxtbook.com/mspc/independentbanker/december2021
https://www.nxtbook.com/mspc/independentbanker/november2021
https://www.nxtbook.com/mspc/independentbanker/october2021
https://www.nxtbook.com/mspc/independentbanker/september2021
https://www.nxtbook.com/mspc/independentbanker/august2021
https://www.nxtbook.com/mspc/independentbanker/july2021
https://www.nxtbook.com/mspc/independentbanker/june2021
https://www.nxtbook.com/mspc/independentbanker/may2021
https://www.nxtbook.com/mspc/independentbanker/april2021
https://www.nxtbook.com/mspc/independentbanker/march2021
https://www.nxtbook.com/mspc/independentbanker/february2021
https://www.nxtbook.com/mspc/independentbanker/january2021
https://www.nxtbook.com/mspc/independentbanker/december2020
https://www.nxtbook.com/mspc/independentbanker/november2020
https://www.nxtbook.com/mspc/independentbanker/october2020
https://www.nxtbook.com/mspc/independentbanker/september2020
https://www.nxtbook.com/mspc/independentbanker/august2020
https://www.nxtbook.com/mspc/independentbanker/july2020
https://www.nxtbook.com/mspc/independentbanker/june2020
https://www.nxtbook.com/mspc/independentbanker/may2020
https://www.nxtbook.com/mspc/independentbanker/april2020
https://www.nxtbook.com/mspc/independentbanker/march2020
https://www.nxtbook.com/mspc/independentbanker/february2020
https://www.nxtbook.com/mspc/independentbanker/january2020
https://www.nxtbook.com/mspc/independentbanker/december2019
https://www.nxtbook.com/mspc/independentbanker/november2019
https://www.nxtbook.com/mspc/independentbanker/october2019
https://www.nxtbook.com/mspc/independentbanker/september2019
https://www.nxtbook.com/mspc/independentbanker/august2019
https://www.nxtbook.com/mspc/independentbanker/july2019
https://www.nxtbook.com/mspc/independentbanker/june2019
https://www.nxtbook.com/mspc/independentbanker/may2019
https://www.nxtbook.com/mspc/independentbanker/april2019
https://www.nxtbook.com/mspc/independentbanker/march2019
https://www.nxtbook.com/mspc/independentbanker/february2019
https://www.nxtbook.com/mspc/independentbanker/january2019
https://www.nxtbook.com/mspc/independentbanker/december2018
https://www.nxtbook.com/mspc/independentbanker/november2018
https://www.nxtbook.com/mspc/independentbanker/october2018
https://www.nxtbook.com/mspc/independentbanker/september2018
https://www.nxtbook.com/mspc/independentbanker/august2018
https://www.nxtbook.com/mspc/independentbanker/july2018
https://www.nxtbook.com/mspc/independentbanker/june2018
https://www.nxtbook.com/mspc/independentbanker/may2018
https://www.nxtbook.com/mspc/independentbanker/april2018
https://www.nxtbook.com/mspc/independentbanker/march2018
https://www.nxtbook.com/mspc/independentbanker/february2018
https://www.nxtbook.com/mspc/independentbanker/january2018
https://www.nxtbook.com/mspc/independentbanker/december2017
https://www.nxtbook.com/mspc/independentbanker/november2017
https://www.nxtbook.com/mspc/independentbanker/october2017
https://www.nxtbook.com/mspc/independentbanker/september2017
https://www.nxtbook.com/mspc/independentbanker/august2017
https://www.nxtbook.com/mspc/independentbanker/july2017
https://www.nxtbook.com/mspc/independentbanker/june2017
https://www.nxtbook.com/mspc/independentbanker/may2017
https://www.nxtbook.com/mspc/independentbanker/april2017
https://www.nxtbookmedia.com