Home > Resources > Whitepapers > INSIDER THREAT BEST PRACTICES GUIDE, 2ND EDITION FEBRUARY 2018

INSIDER THREAT BEST PRACTICES GUIDE, 2ND EDITION FEBRUARY 2018

February 21, 2018

Financial institutions have long been especially lucrative targets for insider attacks, but with the computerization of firm systems and assets, attacks can now be launched on a grander scale than ever before. Insider attacks on firms’ electronic systems can result in financial and intellectual property theft, damaged or destroyed assets, and firm-wide disruption to internal systems and customer operations. Preventing and detecting attacks, however, has proven to be difficult, as insiders are often able to capitalize on their familiarity with firm systems to launch attacks without attracting notice. Further, the risk of unintentional insider incidents continues to increase as firms expand the number of personnel authorized to access sensitive information to meet business needs. At its core, insider threat is just as much a human problem as it is a technology one. A systemized, targeted program is therefore necessary to combat insider threat risks. The purpose of this report is threefold: (1) to assist financial firms in developing effective insider threat programs by identifying and discussing best practices; (2) to act as a reference for regulators to better understand the insider threat at financial institutions; and (3) to help financial firms measure their insider threat program’s effectiveness.

I'm For Real

Enter your details once to access all our information and resources

Spotlight

Cycura Inc.

We’re Cycura Inc. We provide advanced, customized, and confidential cyber security services, cyber investigation services, and digital forensic services to governments, companies, and organizations. We focus on these types of services: Security Audits; Forensics and Incident Response; Malware Analysis and Reverse Engineering; Continuous Monitoring; and Security Training Services. What makes us different? Cycura’s approach to security begins in our R&D labs. Our security researchers understand computer code from the inside out. Our experts don’t use garden variety, “off-the-shelf” security tools. Cycura continuously and relentlessly identifies new vulnerabilities, develops new exploits and creates proprietary scanning and monitoring tools and software. The firm serves organizations with particularly high intellectual property (IP) value, as well as critical data protection needs, including: software and technology companies; startups; airports; defense & homeland security; financi

OTHER WHITEPAPERS
news image

API Security: Best Practices for Vulnerability Mitigation

whitePaper | June 6, 2023

API Security: Best Practices for Vulnerability Mitigation provides a hands-on approach to mitigate security vulnerabilities in APIs. The paper emphasizes the importance of implementing security measures that protect the API and underlying infrastructure. The paper identifies various security vulnerabilities that can arise in APIs and provides detailed guidelines for securing them. These guidelines cover authentication, authorization, input validation, output encoding, error handling, logging, and auditing.

Read More
news image

Nasuni Access Anywhere Security Model

whitePaper | December 20, 2022

The Nasuni Access Anywhere add-on service delivers high-performance, VPN-less file access for remote and hybrid users, integrates an organization’s file shares with Microsoft Teams, and provides productivity tools such as desktop synchronization and external file and folder sharing to enhance user productivity and provide access to files seamlessly from anywhere on any device. This white paper outlines the security elements of the Nasuni Access Anywhere service.

Read More
news image

Cybersecurity Considerations for Distributed Energy Resources on the U.S. Electric Grid

whitePaper | October 26, 2022

To address the impacts of climate change, the U.S. electric grid will be undergoing significant changes by integrating clean energy resources such as solar and wind. These efforts will be accelerated with the recent passage of the Infrastructure Investment and Jobs Act1 and the Inflation Reduction Act.

Read More
news image

The State of ICS/OT Cybersecurity in 2022 and Beyond

whitePaper | October 26, 2022

The industrial control system (ICS)/operational technology (OT) security community is seeing attacks that go beyond traditional attacks on enterprise networks. Given the impacts to ICS/OT, fighting these attacks requires a different set of security skills, technologies, processes, and methods to manage the different risks and risk surfaces, setting ICS apart from traditional IT enterprise networks.

Read More
news image

Apple Platform Security

whitePaper | May 26, 2022

Apple designs security into the core of its platforms. Building on the experience of creating the world’s most advanced mobile operating system, Apple has created security architectures that address the unique requirements of mobile, watch, desktop, and home.

Read More
news image

2022 Trends in Securing Digital Identities

whitePaper | August 22, 2022

Managing the ecosystem of identities accessing enterprise resources has only gotten more complicated during the past several years. Between the increasing number of identities, the challenges posed by phishing attacks, and the continued growth of cloud adoption, enterprises are under pressure to ensure the army of remote workers, contractors, and employees accessing network resources are doing so securely and successfully.

Read More

API Security: Best Practices for Vulnerability Mitigation

whitePaper | June 6, 2023

API Security: Best Practices for Vulnerability Mitigation provides a hands-on approach to mitigate security vulnerabilities in APIs. The paper emphasizes the importance of implementing security measures that protect the API and underlying infrastructure. The paper identifies various security vulnerabilities that can arise in APIs and provides detailed guidelines for securing them. These guidelines cover authentication, authorization, input validation, output encoding, error handling, logging, and auditing.

Read More

Nasuni Access Anywhere Security Model

whitePaper | December 20, 2022

The Nasuni Access Anywhere add-on service delivers high-performance, VPN-less file access for remote and hybrid users, integrates an organization’s file shares with Microsoft Teams, and provides productivity tools such as desktop synchronization and external file and folder sharing to enhance user productivity and provide access to files seamlessly from anywhere on any device. This white paper outlines the security elements of the Nasuni Access Anywhere service.

Read More

Cybersecurity Considerations for Distributed Energy Resources on the U.S. Electric Grid

whitePaper | October 26, 2022

To address the impacts of climate change, the U.S. electric grid will be undergoing significant changes by integrating clean energy resources such as solar and wind. These efforts will be accelerated with the recent passage of the Infrastructure Investment and Jobs Act1 and the Inflation Reduction Act.

Read More

The State of ICS/OT Cybersecurity in 2022 and Beyond

whitePaper | October 26, 2022

The industrial control system (ICS)/operational technology (OT) security community is seeing attacks that go beyond traditional attacks on enterprise networks. Given the impacts to ICS/OT, fighting these attacks requires a different set of security skills, technologies, processes, and methods to manage the different risks and risk surfaces, setting ICS apart from traditional IT enterprise networks.

Read More

Apple Platform Security

whitePaper | May 26, 2022

Apple designs security into the core of its platforms. Building on the experience of creating the world’s most advanced mobile operating system, Apple has created security architectures that address the unique requirements of mobile, watch, desktop, and home.

Read More

2022 Trends in Securing Digital Identities

whitePaper | August 22, 2022

Managing the ecosystem of identities accessing enterprise resources has only gotten more complicated during the past several years. Between the increasing number of identities, the challenges posed by phishing attacks, and the continued growth of cloud adoption, enterprises are under pressure to ensure the army of remote workers, contractors, and employees accessing network resources are doing so securely and successfully.

Read More
More Whitepapers

Spotlight

Cycura Inc.

We’re Cycura Inc. We provide advanced, customized, and confidential cyber security services, cyber investigation services, and digital forensic services to governments, companies, and organizations. We focus on these types of services: Security Audits; Forensics and Incident Response; Malware Analysis and Reverse Engineering; Continuous Monitoring; and Security Training Services. What makes us different? Cycura’s approach to security begins in our R&D labs. Our security researchers understand computer code from the inside out. Our experts don’t use garden variety, “off-the-shelf” security tools. Cycura continuously and relentlessly identifies new vulnerabilities, develops new exploits and creates proprietary scanning and monitoring tools and software. The firm serves organizations with particularly high intellectual property (IP) value, as well as critical data protection needs, including: software and technology companies; startups; airports; defense & homeland security; financi

Events

Nordic IT Security Event

Conference