Skip to main content
Banner for the Cleveland Fed Digest: Get to know us

For many companies, the focus on cybersecurity is external hackers and external breaches. How important is it for banks to monitor internal risks, too, and what are some ways you’ve heard of their doing so?

Jason Tarnowski
Jason Tarnowski, Vice President, Risk Supervision, Surveillance, and Analytics Function

As appeared in the Cleveland Fed Digest's Ask the Expert on 04.18.2017

Issue #2 | April 18, 2017

As technology continues to enable insider threats—concentrating access to sensitive information and critical processes such as customer information databases, an entity’s proprietary information, and more—monitoring insider risk is extremely important. If appropriate controls are not in place, it’s easy for individuals to move information outside of a company. Cyber criminals understand the value of insider knowledge and attempt to collude with or take advantage of insiders—or are insiders themselves. Information technology professionals account for half of all insider issues.

Companies mitigate these risks by training employees to identify phishing and by taking other precautions such as employing the “least privilege concept,” whereby employees have access to only the information they need to do their jobs. Employee behavioral analysis is newer. It utilizes specialized software to look for patterns in how employees are conducting work, for example, where they are working and/or whether they’re moving abnormal volumes of files. Similarly, data loss prevention strategies include software that monitors email to help detect and prevent employees’ sharing confidential information.

Check out more

Jason Tarnowski leads the Cleveland Fed’s risk supervision, surveillance, and analytics function. His team monitors cybersecurity, macroeconomic conditions, compliance risk, credit risk, and more.

Cleveland Fed Digest delivers Cleveland Fed work right to your inbox once a month. Read, download, and explore just some of what the Cleveland Fed offers the public, from economic research and special reports on housing, banking, and labor markets to community development analyses and graphics that examine issues and illustrate trends. Of course, you can also check out all of our published work anytime right here on If you’re not yet a subscriber to Cleveland Fed Digest, share your email address with us to receive the e-newsletter each month. We welcome your feedback, too! Contact with questions or comments.

Rest assured, we do not sell or share your email address, and you may unsubscribe at any time.