PAPER

External threats for cyber terrorism are a lesser worry for financial institutions when

compared to internal threats. The primary causation for an insider threat is not malicious, it is

accidentally exploited by an unknowing employee. According to a 2016 study prepared by the

Ponemon Institute, among a total of 874 cyber attacks, 568 were caused by employee

ignorance (Ponemon, 2016). These data breaches can come from employees not respecting

their company’s internal controls. Some examples of this include sharing passwords, using an

unsecured internet connection, and/or using a business device without a password. Companies

often give unrestricted and excessive access to more employees than required. Although

human error is the leading cause of cyber attacks, there are certainly attacks with harmful intent.

Some insider threats result from an anger-driven employee or a current employee trying

to gain extra income. This category separates itself from human error to the intention of harming

the institution. A current employee with an immense amount of access will have knowledge of

exactly what resides on the networks and how to gain access to them. Employees may engage

in this to commit fraud, destroy or manipulate data, or disclose sensitive information. In 2018, a

study reported that 90 percent of cybersecurity professionals stated that their company is

vulnerable to malicious insider threats (Insider, 2018).

Many financial institutions do not have the appropriate controls to detect and prevent a

cyber attack. The cost to implement a high-scale security system can be too expensive for some

institutions, but receiving an attack is often more costly. The average cyber attack in 2018 cost

the company an estimated five million dollars (CSO, 2018). A company that gets attacked may

fall into bankruptcy if they do not have a large income. This is forcing companies to maintain the

best cyber defense within their allowance.

The most basic steps that will improve cyber security will make it more difficult for

hackers to find vulnerabilities. Training staff members on the potential of an attack is critical.
Employees need to be taught to strictly obey the companies controls to limit the possibility of

attack. The environment of vulnerabilities is constantly changing which will require companies to

constantly update and test the staff. With human error being the most likely causation,

educating employees will be effective.

ALi, Zehra. “Insider Threats - 2018 Statistics.” United States Cybersecurity Magazine, 21
Feb. 2019, www.uscybersecurity.net/insider-threats-2018-statistics/.

“Insider Report.” United States Cybersecurity Magazine, 6 June 2018,

www.ca.com/content/dam/ca/us/files/ebook/insider-threat-report.pdf.

Fruhlinger, Josh. “Top Cybersecurity Facts, Figures and Statistics for 2018.” CSO
Online, CSO, 10 Oct. 2018, www.csoonline.com/article/3153707/top-cybersecurity