Banking Exchange Magazine Logo

Insiders causing breach boom?

Bad insider behavior edges past outside attacks as top culprit

  • |
  • Written by  Website Staff
Insiders causing breach boom?

Financial services organizations are still being breached too often, most frequently by those with insider access, according to the second annual SANS Institute survey on the security of the financial services sector.

The survey report says that 46% of respondents cited abuse or misuse by internal employees or contractors, while 42% cited successful spearphishing attacks as being their most prevalent causes of breaches.

In 2015, avoiding breaches was chosen by 81% of respondents, making it the top driver for information security programs. In the 2014 report, the top driver was meeting compliance. This year, compliance is respondents' second most important driver, while their third top driver is to improve their security and risk management programs overall.

"One of the biggest security problems we're seeing is bad user behavior," says SANS instructor and financial systems security expert G. Mark Hardy. "As a result of their inability to contain user mistakes, financial services companies are learning that compliance doesn't translate to security and are shifting their top priority from compliance to avoiding data breaches."

This shift toward stopping breaches and improving programs was further demonstrated by a trend to spend more on information security. Although one-third of respondents could not quantify their IT security budgets, 41% of those who could were planning to spend 9% or more of their IT budgets on security in FY 2015 compared to 35% making that commitment in FY 2014. Moreover, 58% said they plan to invest more heavily in IT-related security and risk management in the next 24 months.

Download Security Spending And Preparedness In The Financial Sector: A SANS Survey

back to top


About Us

Connect With Us



Belt and Suspenders

Date/Time: October 19, 2:00 CT / 3:00 ET

How Multiple Layers of Defenses Work Together to Keep Your Bank Covered

Cyber threats and attack vectors are ever-changing, especially due to the current geopolitical climate and distribution of data. Financial institutions remain attractive targets for cyber criminals due to the amount of sensitive data they hold. Join CSI’s Director of Product Strategy, Sean Martin, for his insight into why and how institutions should embrace a holistic cybersecurity approach to strengthen their defenses against these evolving threats. You’ll learn: 


This webinar is brought to you by:
OneSpan logo