Financial Sector Insider Threat: Master Key Compromise

A camera tracks a bank manager walking into the vault at his branch. The cash that was in there is gone. A note lies on the floor – a calling card from a notorious criminal enterprise. A group wearing masks of Queen Elizabeth II hold up a van transporting funds and make off with thousands.

If Hollywood were to film a bank heist now, it would look a little different. There would likely be many more shots of fingers on keyboards, as cyberattacks have become a more pressing problem for financial institutions. These attacks may also come from a source closer to home.

In August 2020, South African PostBank became aware of breaches dating back to December 2018. A group of rogue employees had stolen the host master key, which banks use to generate and protect all keys on their platform. The employees used it to access customer bank accounts directly, making 25,000 fraudulent transactions and stealing $3.2 million. The breach meant PostBank had to replace 12 million customer cards, which reportedly cost the company $60 million. Attacks like this are becoming much more prevalent.

The pandemic has accelerated the issue of insider threats for organizations. Verizon reports that 30% of breaches in 2020 were caused by an insider threat, and the Ponemon Institute reported a 47% increase in incidents caused by insiders between 2018 and 2020.

Financial institutions are particularly vulnerable to this kind of threat. They rely on customers trusting them with personal and financial information – information that is stringently controlled by regulations globally. To give some context, the average employee at a financial institution has access to 11 million files the moment they walk in the door.

If this threat is growing, what can financial institutions do to combat it? Mitigating insider threats relies on a number of key areas, including employee and contractor screening, behavioral monitoring, organizational awareness, personnel awareness, information-centric principles (ensuring the security of information rather than networks) and physical security. PostBank failed on every front.

Training personnel with Cyber Crisis Simulator

Educating your staff on how to define, detect, identify, assess and manage insider threats requires exercising them with real-world examples. This allows individuals to practice making decisions using a variety of techniques and employing their situational awareness. This in turn develops muscle memory around managing an insider threat crisis.

With the looming risk of insider threats to financial organizations, preparing to respond has never been more important.

To see the Cyber Crisis Simulator in action, book a demo today.