The improvement of internal banking systems and data warehousing has made it easier for all kinds of banking professionals to service customers, but has also created a major new set of challenges for information and corporate security managers.
The same data and account access that is required to conduct the day-to-day business of servicing customers can be used to launch an extraordinary range of attacks against customer accounts at the bank and elsewhere. As much as we talk about the risk posed by external threats, insider access to customer data and accounts represents a point of compromise whose risk far exceeds that posed by external attacks on sensitive information, such as phishing.
Although efforts to protect the customers via review of access policies, scanning for sensitive data, and securing external network defenses are necessary, they are not sufficient to protect against attacks perpetrated by malicious insiders.
Countering the employee fraud threat requires a system that can be deployed quickly to leverage the considerable knowledge of these attacks that exists across the industry and in the heads of individual security professionals and investigators. Such a system must proactively identify known fraud, allow nimble investigations of suspicious activity, and provide a proven path to deploy more advanced profiling and analysis to protect against less frequent but potentially devastating attacks perpetrated by the more sophisticated malicious insider.