Debate» Amid the ﬁnancial services fallout, THREAT OF
malicious insiders pose the greatest threat.
FOR Enterprises large and small put AGAINST Be it malicious employees or
their implicit trust in employees sophisticated fraud rings, inter- What is it?
every day, and this trust is tested nal and external fraud poses Worms have become
during turbulent times. Happy, substantial risks to banks and increasingly aware of the
content employees who feel consumers. The greatest risk virtual environment. Security
secure in their jobs and satis- becomes a discussion of the researchers have long used
“honeypots” to conduct
ﬁed with their pay seldom pose defenses of the organization.
research on malware. Virtu-
Dan Sarel a real threat. However, when Ori Eisen A screening process for alization is used to provide
vice president founder and chief
times are hard this changes, innovation ofﬁcer,
employees reduces the risk of a controlled and easily repli-
especially in large enterprises hiring a crook. However, the cable honeypot platform.
and ﬁnancial institutions where the stakes are chance of an employee turning bad for the
higher than just skimming the tip jar. sake of greed is always there. How does it work?
Insiders have legitimate ongoing access to However, the risk is immensely greater if Malware developers have
sensitive info and systems, an infrastructure that the bank has insufﬁcient security on its online learned how to detect when
their code is running in a
outsiders need to work very hard to breach. storefront. The reason: for every rogue insid-
Under normal circumstances, insiders lack er, there are thousands of external crooks and then hide themselves.
the motivation to abuse this access, but with waiting to break in. The malware can identify its
jobs being cut, bonuses not paid and increased We have seen a vast increase in phishing hosting platform as virtual-
M&A activity, employees that are normally attacks associated with recent bank mergers ized by looking for certain
trustworthy may decide to take “insurance” in and acquisitions, which take aim at consum- virtualized hardware devices
the form of sensitive info or merely act out of ers. Attacks coming in from the outside identifying BIOS characteris-