Hi, this is Randy Trzeciak of the CERT Insider Threat Center. Recently, we completed a study that revealed insights into the type of insiders who commit insider financial cyber fraud, how they do it, and what they steal. The study, funded by the U.S. Department of Homeland Security (DHS) Science and Technology Directorate, involved 80 real cases of insider cyber fraud in the financial services sector. We conducted the study working with the U.S. Secret Service, the U.S. Department of the Treasury, and project partners from the U.S. financial services sector.

The results are documented in the special report Insider Threat Study: Illicit Cyber Activity Involving Fraud in the U.S. Financial Services Sector. This report also details the study's methods, its findings on crime profiles and fraud dynamics, and possible mitigation strategies.

The related pamphlet, Insider Fraud in Financial Services, presents an executive summary of the study's findings, examples of real insider crimes, and recommendations to help security and financial professionals prevent, detect, and respond to malicious insider activity.

Every organization in the financial services sector should be aware of the threats posed by malicious insiders. They aren't always who you think they are and there are some best practices you can use to prevent and minimize loss from this type of threat. Download a copy of the report to read more.