KUALA LUMPUR: The financial services industry has one of the highest rates of insider data breaches despite typically having significant workforce training on cybersecurity best practices in place, said identity security specialist SailPoint.

SailPoint senior vice president of Asia Pacific Chern-Yue Boey said there was a need for a strong identity security strategy to regulate employees' access to prevent situations where employees may intentionally or unintentionally facilitate fraudulent activities by providing unauthorised access or information to scammers.

Boey said banks and other financial institutions, ranging from brokerages and investment management firms to credit unions and credit card processors, were facing significant security, operational and compliance challenges. 

They deal with large amounts of sensitive data and personal identifiable information, making them a prime target for attackers. 

"In the recent news about major banks in Malaysia used by international scammers to dupe victims of millions of ringgit, auditors and frontline officers were found facilitating account opening by scammers, highlighting the need for a robust identity security strategy to govern employees' access," he told NST Business.

However, Boey said most banks have complex corporate structures and departmental silos built up over years of mergers and acquisitions, which hinders the management's visibility of people's roles, responsibilities and data access across different departments. 

He pointed out that problematic spreadsheet-based methods for tracking data access and user identity are still common practice in the industry. 

These manual processes are time-consuming and fraught with potential inaccuracies and inconsistencies, making it difficult to reconcile permissions across divisions and regions. 

"It also turns auditing and reporting into lengthy and costly processes that can inadvertently lead to potential regulatory infringements. 

"The obscurity in manual systems can also open up the possibility for threat actors to take advantage of gaps in the system, which may occur, for example, when someone changes roles or leaves the organisation," he said.

Commenting further, Boey said the financial services industries (FSIs) are multifaceted organisations with numerous departments that need to quickly, accurately and securely process millions of transactions per day. 

He added that these transactions reflect vast quantities of financial and personally identifiable information (PII) that are challenging to manage and make the industry a key target for cybersecurity attacks.

He said progressive banks are looking at effective cybersecurity through identity security to mitigate cyber risks and drive regulatory compliance.

"In Malaysia, Bank Negara Malaysia's Risk Management in Technology (RMiT) requires FSIs to safeguard sensitive data and govern access control."

SailPoint is a leader in identity security for the modern enterprise, empowering complex enterprises worldwide to build a security foundation grounded in identity security. 

The company automates access, delivering only the required access to the right identities and technology at the right time, by harnessing the power of artificial intelligence and machine learning.

SailPoint has over 2,400 customers in 65 countries, with 30 per cent being international and 70  per cent US-based.

It has had a presence in Asia Pacific for the last seven years and is very invested in this region.

The company has about 11 million identities being managed, with its customers among the world's largest companies across several industries including banking, media, utility, technology, biotechnology, financial and insurance sectors.

https://www.nst.com.my/business/2023/06/916970/finance-field-plagued-data-breach