This latest data security breach at Citi epitomises the many ways in which data can go astray. In a recently publicised case, data was stolen from Citi by external hackers. The culprits in this most recent Citi data loss are believed to be “insiders” who had privileged access to the bank’s systems. If any lesson is to be learnt from this incident, it is the need to have absolutely all bases covered; not just those that seem most at risk. In this context there remains a significant risk from inside the perimeter, as this recent infringement clearly demonstrates, and the insider threat often combines with the external threat through collusion. Whilst most organisations have invested heavily in securing their systems from “external” threats, there has been proportionately less investment in monitoring insiders through user activity auditing and control systems.
This scenario also underlines the importance of user education: getting ‘insiders’ – whether they be employees, subcontractors or third-party vendors – to treat company data with the utmost respect, and making it clear to users that controls are in place to identify the source of any data leakage. This is a critical element in any data loss prevention strategy. At the end of the day, no matter what systems and processes a company may implement, if an ‘insider’ wants to steal data, there is a residual risk that they will find a way of doing so. However, they will be disinclined to attempt data theft if they know that they are likely to be found out, either before the event (through automatic generation of alerts) or after the event (through forensic examination of user activity logs).
More generally, and in light of the many diverse threats, organisations need to ensure that they are constantly reviewing their policies, defences and controls. They need to perform regular risk assessments to identify where there is potential for data leakage from insiders and where additional protection therefore needs to be put in place. Crucially, this can enable firms to get to ‘know their insider’ and the risks they represent.
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.