For many companies, the focus on cybersecurity is external hackers and external breaches. How important is it for banks to monitor internal risks, too, and what are some ways you’ve heard of their doing so?
As appeared in the Cleveland Fed Digest's Ask the Expert on 04.18.2017
As technology continues to enable insider threats—concentrating access to sensitive information and critical processes such as customer information databases, an entity’s proprietary information, and more—monitoring insider risk is extremely important. If appropriate controls are not in place, it’s easy for individuals to move information outside of a company. Cyber criminals understand the value of insider knowledge and attempt to collude with or take advantage of insiders—or are insiders themselves. Information technology professionals account for half of all insider issues.
Companies mitigate these risks by training employees to identify phishing and by taking other precautions such as employing the “least privilege concept,” whereby employees have access to only the information they need to do their jobs. Employee behavioral analysis is newer. It utilizes specialized software to look for patterns in how employees are conducting work, for example, where they are working and/or whether they’re moving abnormal volumes of files. Similarly, data loss prevention strategies include software that monitors email to help detect and prevent employees’ sharing confidential information.
Check out more
Jason Tarnowski leads the Cleveland Fed’s risk supervision, surveillance, and analytics function. His team monitors cybersecurity, macroeconomic conditions, compliance risk, credit risk, and more.
You’re here today.
Don’t miss what we produce next. Subscribe.
Cleveland Fed Digest delivers Cleveland Fed work right to your inbox once a month. Read, download, and explore just some of what the Cleveland Fed offers the public, from economic research and special reports on housing, banking, and labor markets to community development analyses and graphics that examine issues and illustrate trends. Of course, you can also check out all of our published work anytime right here on clevelandfed.org. If you’re not yet a subscriber to Cleveland Fed Digest, share your email address with us to receive the e-newsletter each month. We welcome your feedback, too! Contact email@example.com with questions or comments.
Rest assured, we do not sell or share your email address, and you may unsubscribe at any time.