Privilege Access Abuse can be the downfall of a financial institution


The financial industry has always been a prime target for cybercriminals. As criminals are quickly growing more sophisticated, financial institutions must step up their cybersecurity approach and focus not just on gating data but on inside threats - specifically, those that have a root in access privilege abuse.

Sachin Vaidya, a fintech cybersecurity expert with more than 23 years of experience in cybersecurity for various financial institutions, said the most significant issue faced by the financial sector is ransomware threats. 

“Ransomware continues to be a big threat because it lingers in the environment even after it’s believed to be eradicated,” Vaidya says.

Vaidya added that the constant movement of users from one platform to another and one technology solution to another makes it very difficult to track what an individual user is doing at any given time.  

What is needed is an easy-to-digest 360-degree view of what all users are doing at any given time. This is invaluable because the weakest link in any cybersecurity program is the individual user. 

According to Vaidya, phishing and malware remain continuous threats, and it all comes down to individual user behavior, like clicking on a malicious link in an email. That click on a bad email remains one of the most common ways financial institutions are compromised.

Mergers and acquisitions are dangerous cybersecurity territory to navigate

The financial sector is a very dynamic environment. Mergers and acquisitions are common, and account managers often move from bank to bank during their careers. Sometimes smaller financial institutions are acquired by larger companies, merging staff and culture. In those situations, proper on- and off-boarding is crucial to cybersecurity. 

“Onboarding is going quite well, but offboarding still requires a lot of work, and it’s impossible or very time-consuming to do this manually, especially if you don’t know exactly how many users you have because you just merged,” Vaidya said. “We see a common pattern of users getting off-boarded but still having a residual footprint in the old environment.” That’s an open door to a cyber attack. 

With a merger comes the more or less smooth meshing of two different corporate cultures and IT departments that have to agree on new processes and workflows.  

Common post-merger cybersecurity risks: 

  • Leftover open credentials from users who no longer work for the organization. 

  • Shadow profiles in cloud platforms that have not been discovered and shut down.

  • Users who are no longer employed but still hold credentials to various parts of the environment. 

  • A former employee may have taken data with them on personal devices (phones and laptops). 

  • Undetected pre-merger users may now have access to the new environment. 

  • Perhaps former employees had broader data access than was intended and may have taken more data with them as they moved on. 

  • There may be inactive privileged users still in the environment. 

  • Some users may no longer need the privileged access they had pre-merger. But it migrated to the new environment. 
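The risks in the list above are all things an identity review can surface mechanically once the directory export of the merged environment is reconciled against the HR system of record. The following is an added example, not code from the article or from IOD; the account records, HR roster and role names are constructed sample data, and the field names are assumptions about what a directory/IdP export might contain.

```python
"""Post-merger identity reconciliation.

Flags four of the risk categories from the list above:
  - terminated_still_enabled : account enabled, HR says the person left
  - orphaned                 : account with no HR record at all (shadow/pre-merger profile)
  - inactive_privileged      : enabled privileged account with no login for N days
  - privilege_without_role   : privileged account whose job role does not justify it

All input data below is constructed for the example and is not real.
"""
from datetime import datetime, timedelta

# Constructed directory/IdP export (hypothetical users).
ACCOUNTS = [
    {"user": "alice",      "enabled": True,  "privileged": True,  "last_login": "2024-06-01"},
    {"user": "bob",        "enabled": True,  "privileged": False, "last_login": "2024-06-10"},
    {"user": "carol",      "enabled": True,  "privileged": True,  "last_login": "2024-01-15"},
    {"user": "dave",       "enabled": True,  "privileged": False, "last_login": "2024-05-30"},
    {"user": "erin",       "enabled": True,  "privileged": True,  "last_login": "2024-06-09"},
    {"user": "frank",      "enabled": False, "privileged": True,  "last_login": "2023-11-01"},
    {"user": "svc-legacy", "enabled": True,  "privileged": True,  "last_login": "2024-02-01"},
]

# Constructed HR roster of the merged company: user -> (employment status, job role).
HR_ROSTER = {
    "alice": ("active",     "domain-admin"),
    "bob":   ("active",     "account-manager"),
    "carol": ("active",     "domain-admin"),
    "dave":  ("terminated", "account-manager"),
    "erin":  ("active",     "account-manager"),
    "frank": ("terminated", "domain-admin"),
    # note: "svc-legacy" has no HR record at all
}

# Job roles for which privileged access is expected (hypothetical policy).
PRIVILEGED_ROLES = {"domain-admin", "security-engineer"}

AS_OF = "2024-06-15"  # review date for the constructed data


def audit_accounts(accounts, hr_roster, as_of, privileged_roles=PRIVILEGED_ROLES,
                   inactive_days=90):
    """Reconcile a directory export against HR and return findings by category."""
    now = datetime.strptime(as_of, "%Y-%m-%d")
    cutoff = now - timedelta(days=inactive_days)
    findings = {
        "terminated_still_enabled": [],
        "orphaned": [],
        "inactive_privileged": [],
        "privilege_without_role": [],
    }

    for acct in accounts:
        user = acct["user"]
        record = hr_roster.get(user)
        if record is None:
            # Nobody in HR owns this identity: treat as a shadow/residual profile
            # and review it first, before judging anything else about it.
            findings["orphaned"].append(user)
            continue

        status, role = record
        if status != "active" and acct["enabled"]:
            # Off-boarding left a residual footprint: the person is gone, the login is not.
            findings["terminated_still_enabled"].append(user)

        if acct["privileged"]:
            last_login = datetime.strptime(acct["last_login"], "%Y-%m-%d")
            if acct["enabled"] and last_login < cutoff:
                # Dormant admin accounts are a standing target; disabled ones are not flagged.
                findings["inactive_privileged"].append(user)
            if role not in privileged_roles:
                # Privilege that migrated with the merger but is no longer justified.
                findings["privilege_without_role"].append(user)

    return findings


def run_review():
    """Run the audit over the constructed sample data."""
    return audit_accounts(ACCOUNTS, HR_ROSTER, AS_OF)


if __name__ == "__main__":
    for category, users in run_review().items():
        print(f"{category:26s} {', '.join(users) or '-'}")
```

Each category maps to a different remediation owner: orphaned and terminated-but-enabled accounts go to whoever runs off-boarding, dormant and unjustified privilege go to the access-review process. The `inactive_days` threshold and the privileged-role list are policy inputs, not fixed values.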

Once the merger is complete, it’s crucial to examine all the new users in detail in the new environment.

“This is what IOD’s solution can do: it allows us to take a look at all the users, a pane of view if you will, for us to detect and immediately mitigate any unwanted activity,” Vaidya said. “IOD also makes it very easy to organize the user information, chart it out and present it as we move forward.”

Banking is a relationship business where reputation means everything.

When financial institution employees change organizations, they often take some of their accounts and connections with them: they take data with them - sometimes for good and sometimes for more sinister reasons. 

“We need to know what they took and how they may use it,” Vaidya said. “If an individual leaves one organization and takes contact data with them on their phone or a laptop, what happens if that data is sold on the dark web? Who’s then responsible?”

IOD prevents a user from making a download of data. Not only does that help the financial organization stay compliant, it prevents IT from giving too much access to privileged users as the structure of the merged organization takes shape. 

“We can automate that process using the IOD platform, saving us a tremendous amount of staff time,” Vaidya said. “We see big savings on soft costs.” 

Data in the financial industry is personally identifiable information (PII) - it’s some of the most sensitive data managed, and there are huge consequences both for the individual and the organization if that data falls into the wrong hands. 

“In California, we have the CCPA regulations to adhere to and it’s very clear that if the sensitive data is abused, then the banks are reliable,” Vaidya said. “Any type of data exfiltration hits the books very hard. It’s not cheap to pay the fines and work on recovering your reputation at the same time.” There is downtime associated with attempted recovery and it may be what prevents an organization from staying in business. 

“For the financial institutions, there is no question that the biggest risk is the reputational risk – we have all seen what that can lead to,” Vaidya said. “Today, the speed of a downfall is something that happens overnight. And a downfall is the ultimate consequence of unwanted data exfiltration.”
