Financial institutions face ever-increasing and ever-more complex cybercrime risks. Protection solutions need to become increasingly clever and sophisticated.
In light of recent crises, banks are more acutely aware of their contractual obligations and reputations, and indeed, tightening national and international regulations oblige them to be more stringent in terms of compliance measures. A frequently-used means of protection is Data Leakage Prevention (DLP), which is based on building IT fortresses and deploying network perimeter security technology solutions against leaks or breaches.
Is DLP enough?
As some of those currently employing DLP solutions may be only too aware, common DLP technologies have limits, since they focus only on data transfer actions. When it comes to protection against malicious, accidental, unintentional or inadvertent cyber-attacks and internal fraud, the user activity indicating it may be more subtle. Moreover, the numbers and types of people with various levels of access are difficult to control, particularly with recent cost-cutting trends towards outsourcing.
For example, DLP blockages may be largely ineffectual in the face of employee or contractors’ actions like:
- A manager who copies a bank’s client information;
- An IT administrator who creates a fictional user account for a “friend”;
- An administrator who is “curious” about the assets of elderly clients; or even
- A colleague of the database administrator who makes small transactions on an elderly client’s dormant account.
A better solution
To identify, prevent and/or audit such situations requires a more global approach to suspicious behavior versus simply focussing on potential data exit points. It is necessary to understand, monitor and analyse behaviors of all users from business (front and back office) lines as well as from IT.
This can be achieved through continuous real-time intelligent behavioral analysis software tools that non-intrusively operate across all channels and products.
Such tools represent a state-of-the-art means for monitoring, controlling and auditing operational risks while guaranteeing compliance obligations. By seeing beyond leakages to the behaviors leading up to them, financial institutions are able to be far more proactive in the face of their greatest risks.