Financial sector employees less likely to pose insider threat, but concerns remain

Financial firms have long prided themselves on vetting their employees and taking steps to prevent against cyber threats that their own employees might pose, intentional or otherwise.

But as more companies are calling employees back to the office and the Great Resignation continues to impact virtually all sectors, financial firms must consider more carefully whether their salaried or contract employees are fully engaged in protecting their access.

Headline-grabbing attacks like the recent Okta compromise — which apparently came as a result of a contract engineer’s laptop being hijacked — point to the risks that may be more common as all industries struggle with adjusting to the “new normal” in the workplace, where employees are often frustrated with having to return to the office and potentially less careful about their cyber hygiene.

While many surveys and anecdotes have indicated that the vast majority of insider threats come from negligence or naivete in employees protecting their access to work data and networks, that may be changing. As a labor shortage and pandemic-incited job frustration combines with fear of job loss in the wake of recent layoffs, 4.3 million Americans quit their jobs in February alone, according to labor statistics.

According to a recent study by Beyond Identity, 83% of former employees across all sectors continue to access information from their previous companies, and 56% of those former employees are doing so with “malicious intent.” Even worse, 7 out of 10 employees who were fired persist in using their access with nefarious plans in mind. Roughly 12% of the more than 1,000 people surveyed for the study were from the financial industry.

“It was extremely surprising to learn that nearly 1 in 5 finance employees said their previous company’s digital security was not at all secure,” said Jasson Casey, chief technology officer at Beyond Identity. “Given the sensitive nature of financial information, it’s disheartening to learn so many employees did not have cyber-secure workplaces when handling such important information.”

Access to some information may be somewhat innocuous. For example, 31% of former employees across all sectors were collecting contact information for former co-workers and 3 out of 10 were getting saved conversations they had with co-workers, per the Beyond Identity survey. However, 27% went back in to snatch company ideas, 1 in 4 were gathering notes on the work they completed and contact information for clients, and 24% admitted to grabbing corporate financial information, process-related documents and passwords.

"Offboarding" a sore spot for financial industry

For the financial industry, there are a few bright spots (or at least, less dark ones) to these trends. For example, financial industry employees are much less likely to maliciously harm their employers, with just 37% claiming to have do so versus 56% of respondents across all categories. But more troubling is the fact that even in the wake of pandemic-induced layoffs and on-going resignations, only 55% of financial firms had “a formal offboarding process” as compared with 70% of overall enterprises. And 17% of financial industry employees say their “previous company’s digital security was ‘not secure at all.'”

Casey found it surprising that financial employees were far less likely to participate in any kind of official offboarding when they left.

“The workplace has definitely changed since the start of the pandemic when most things went remote, which can make things like offboarding a bit difficult,” he said. “But to see that finance employees were 15% less likely than average to have formal offboarding is shocking and concerning.”

Also concerning: 13% of financial industry employees still have access to their previous employer’s financial information; and they are much more likely than those employed in other fields to have made copies of their previous company’s pay stubs or tax information, with 1 in 5 financial employees saying they’ve done this.

It bears noting that 3 out of 4 of employees across all sectors also say that they have been “negatively impacted” by the security breaches that befall their employers or former employers. This is borne out by other industry-specific research as well. According to a study by the Bank Administration Institute, more than one-third of financial industry employees (37%) say the pandemic has had a negative impact on their mental health, and 22% say it has impacted their overall workload.

Arguably, this should incentivize more financial firms to improve their employee protections and have better processes in place for the employees that leave.

“Leaders appear acutely aware of the issue and yet unsure of exactly how to improve security or practice effective offboarding procedures,” the Beyond Identity report concluded. “It’s safe to say that relatively little is safe at headquarters in this era of mass employee departures.”