Insiders, not crooks, still biggest security threat

New research findings suggest that insiders - not gangs of cyber criminals - pose the biggest threat to financial service providers' systems and data.

The Insider Threat Study, a joint initiative between the US Secret Service and Carnegie Mellon University Software Engineering Institute's CERT Coordination Center, is the first in a series of seven reports examining insider attacks on information and systems across a range of business areas.

Focusing specifically on insider attacks at banking and financial services, the study examined 23 insider attacks against financial service providers between 1996 and 2003, and revealed the need for "in-depth risk analysis" to reduce the risk of further attacks.

The report claimed that most attacks used unsophisticated technologies to gain access, and occurred during normal working hours on the victim company's own premises.

CERT also discovered that insider attacks were mainly motivated by financial gain, with some financial institution losses valued at $500,000 or more.

"Financial service providers should conduct an inventory into individuals with a fiscal interest in the company's future, and determine whether they possess the technical ability to damage systems or misuse information," recommended CERT.

But while agreeing with the report's findings, Gartner analyst Richard J. De Lotto said the research sample of 23 attacks was too small to be conclusive, and that investigations are being hampered by the reluctance of most financial institutions to admit when they have been attacked.

"Insider threats will never be eliminated completely until all financial institutions talk openly to regulators, the media and law enforcement agencies," he told vnunet.com.

"Most feel its reputation would be damaged by admitting vulnerability; therefore analysts will never know the true scope of insider attacks."