Insider threats reverberate throughout financial industry amid big resignation

Employee departures (due to layoffs or “big quit” type departures) can impact financial firms and their customers.

This is part two of a two-part series examining the lessons learned from the Cash App breach. Part one is “Cash App breach demonstrates threat posed by past and current employees.”

The recent news that the investment unit of Cash App has been the victim of an insider attack has not only affected the customers of this financial application; it has also served as a reminder of how increasing employee departures (due to layoffs or “big quit” departures) can impact financial firms and their customers.

Last week, a filing with the Securities and Exchange Commission (SEC) revealed that a former Cash App investment employee exposed customer data from 8 million accounts in December.

“This type of breach occurs more widely than most people realize and is a classic example of why quickly removing privileged access during employee layoffs is an essential feature of strong cybersecurity programs,” said Andrew Moyad, CEO of Shared Assessments.

One of the most common findings in Service Organization Controls (SOC) reports over the past decade has been the lack of timely revocations when an employee is terminated. As Moyad said, “Block, Inc. (the parent of Cash App) is not alone here.”

“Unfortunately, with such an industry focus on investing in technology solutions to fend off ‘malware, ransomware and other external attack vectors,’ we often overlook the insider threat and human risk factors as the predominant cause of security breaches,” Moyad mentioned.

This is compounded by the fact that financial services are among the sectors most targeted by cybercriminals. That targeting is driving increased burdens on security teams across the industry, especially as many organizations shift to digital services to meet customer demand.

Therefore, insider attacks are “a stark reminder that network hardening also needs to focus more on the inside of an organization, not just against outside threats,” says Moyad. Large or small, no organization is immune to this type of risk, and it is one of the most common security challenges for any organization.

Ensuring that all employee access is removed in a timely manner upon termination of employment is rarely an easy task. According to Okta’s research, the average enterprise has dozens of individual apps deployed, and large organizations typically have hundreds.

Josh Yavor, CISO for Tessian, said the payments industry is much more “mature and highly regulated” than other peers. “Generally speaking, payment providers are more likely to manage this class of risk effectively than organizations in other markets,” he added.

That said, no control is ever perfect and some level of risk always exists. This may be compounded among financial organizations seeing a rapid transition to digital services, amid increased targeting by bad actors. Erfan Shadabi, cybersecurity expert at data security specialist Comforte AG, pointed out that the data breach incident Block disclosed about a former employee who uploaded highly sensitive customer information heightens the threat posed by “internal work.”

“We often focus on threat actors working outside of our perimeters trying to penetrate the corporate environment and thereby compromise data,” Shadabi said. “But the people on the inside have a head start because they usually have access to the internal network environment and computing resources.”

