home.aspx
 
. Resources/Whitepapers/8a6f1506-122c-4a3a-bcf3-023c33adb695_insider-threat-best-practices-guide.pdf
whitepaper
INSIDER THREAT BEST PRACTICES GUIDE, 2ND EDITION FEBRUARY 2018
Financial institutions have long been especially lucrative targets for insider attacks, but with the computerization of firm systems and assets, attacks can now be launched on a grander scale than ever before. Insider attacks on firms’ electronic systems can result in financial and intellectual property theft, damaged or destroyed assets, and firm-wide disruption to internal systems and customer operations. Preventing and detecting attacks, however, has proven to be difficult, as insiders are often able to capitalize on their familiarity with firm systems to launch attacks without attracting notice. Further, the risk of unintentional insider incidents continues to increase as firms expand the number of personnel authorized to access sensitive information to meet business needs. At its core, insider threat is just as much a human problem as it is a technology one. A systemized, targeted program is therefore necessary to combat insider threat risks. The purpose of this report is threefold: (1) to assist financial firms in developing effective insider threat programs by identifying and discussing best practices; (2) to act as a reference for regulators to better understand the insider threat at financial institutions; and (3) to help financial firms measure their insider threat program’s effectiveness. DOWNLOAD