News

Mitigating Human Error and Insider Breaches – Can Banks Avoid a Million Dollar Mistake?

Human error by nature is not error-proof, but smart IT security investments can help smaller banks avoid costly mistakes.

August 21, 2018
EmailTwitterLinkedIn

Regional banks risk losing millions of dollars, invaluable data records, and lasting damage to their reputations due to human error. While cybersecurity threats loom large for big banks, regional banks face disproportionate risk. Unlike their large-scale counterparts, regional banks are often challenged with small-scale security infrastructure.

What can you do to mitigate your risk?

Understand your vulnerabilities 

Technology makes security processes easier for end users. Human error stems from outdated processes, lack of training, under-resourced support teams, and inadequate oversight. There is always the issue of malicious intent from existing and former employees. Even regional bank leaders like SunTrust suffered breaches by former employees, in their case, compromising the data of over 1.5 million of the firm’s customers. Insider breaches are pervasive — Verizon´s Data Breach Investigations Report found that half of data security breaches are rooted with insiders, those acting unconsciously (through employee negligence) and maliciously (for profit). You need to take stock of your bank’s security shortcomings from the standpoint of insiders to prioritize for your current risk level.

Change your mindset

Firms can’t rely solely on error-proofing their operations — that approach does not fully capture today’s current data environment. Regional banks must adapt to meet the growing costs of data protection, regulatory compliance, and the ripple effects of a breach. The opportunity cost of a breach that erodes market share, consumer confidence, and trust over proactive security investment is too great to ignore.

Staffing needs and engaging data security providers is quickly becoming part of the cost of doing business for smaller banks. Given that they are seen as an easy entry point into financial systems, they have quickly become a target for threat actors. Some regulators, like The New York Department of Financial Services, are even mandating tighter cybersecurity rules, including increased full-time staffing of information security officers.

Shift towards automated processes, IAM, and PAM

You can’t completely error-proof your firm, however, investing in automation, technology, and people help to manage your risk profile. Smart technologies and analytic tools abound to cross-check payments, govern data, perform audit trails, and manage access. Deploying identity and access management (IAM) and privileged access management (PAM) helps ensure proper data governance and access.

These, in turn, help ensure security policies are being employed and followed. Because users need new or updated access, firms must tighten provisioning policies so former employees are immediately removed from access.

Do you know your regional bank’s largest security vulnerabilities?

Talk to our team of data experts about how you can mitigate your insider risk.

Stay in the loop

Join our mailing list and get notified of the latest SPHEREinsights