Insider Threat at a Global Financial Services Firm
Insider Threat. Immediate Containment.
Overview
Employees at financial services companies often have access to sensitive customer data. Without effective controls and monitoring, that access can be misused, creating risks such as unauthorized access and insider threats. In one case, a financial services firm uncovered unauthorized activity linked to a departing employee who had elevated access to client communications and confidential financial records. Before leaving the organization, the insider manipulated email forwarding rules and exported sensitive information, exposing the company to significant legal, financial, and reputational risks.
Challenge
The insider had access to executive mailboxes, CRM platforms, and internal financial reports. A subtle abuse of privileges allowed them to exfiltrate data without triggering alerts. The activity was discovered during an internal audit, just days after the employee’s last official day, raising urgent concerns about what was taken and whether client funds or communications had been compromised.
PNG Cyber’s Response
Forensic Investigation and Analysis
PNG Cyber was engaged to investigate and contain the incident. Our team conducted comprehensive email and endpoint analysis to determine the scope and timeline of the unauthorized activity. During the investigation, we uncovered unauthorized mail forwarding rules and evidence that business-sensitive data had been transferred to personal cloud storage accounts. We provided a detailed forensic report covering the timeline, the systems involved, and the affected files, enabling counsel to assess the potential exposure and giving the client a clear picture of its risk.
Coordination and Process Improvement
In parallel, we coordinated with HR and Legal teams to implement a more secure offboarding process.
Control Implementation and Risk Reduction
Finally, we collaborated with the client to develop and deploy a combination of logical, physical, and technical controls designed to minimize future insider threat risks.
Results
Provided timely and well-documented forensic analysis for legal & regulatory review.
Revamped the client’s employee offboarding procedure to prioritize security.
Hardened email security configurations and enhanced detection of unauthorized forwarding and data exfiltration attempts.
Provided technical recommendations such as endpoint monitoring & alerting.
Client cyber resilience was significantly improved through the implementation of layered technical, procedural, and administrative controls, reducing the risk of future insider incidents.
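The forwarding-rule abuse described in the investigation, and the detection of unauthorized forwarding listed in the results, can be approximated with a small audit-log check. The following is an added illustration, not PNG Cyber's tooling or the client's configuration: it scans mailbox audit records for inbox-rule or mailbox changes that forward mail to domains the organization does not own. The record shape is loosely modeled on an Exchange mailbox audit export, and the domains, addresses, and log lines are constructed for the example.

```python
import json

# Domains the organization owns; forwarding anywhere else is flagged (constructed for this example).
INTERNAL_DOMAINS = {"example-bank.com"}

# Rule/mailbox parameters that cause mail to leave the mailbox.
FORWARDING_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo", "ForwardingSmtpAddress"}
WATCHED_OPERATIONS = {"New-InboxRule", "Set-InboxRule", "Set-Mailbox"}

def recipient_domain(value: str) -> str:
    """Extract the domain from 'user@domain', 'smtp:user@domain' or 'Name <user@domain>'."""
    addr = value.strip().rstrip(">").split("<")[-1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def external_forwarding_events(records):
    """Return (actor, operation, external_targets) for changes that forward outside INTERNAL_DOMAINS."""
    findings = []
    for rec in records:
        if rec.get("Operation") not in WATCHED_OPERATIONS:
            continue
        targets = []
        for p in rec.get("Parameters", []):
            if p.get("Name") in FORWARDING_PARAMS:
                for addr in str(p.get("Value", "")).split(";"):
                    dom = recipient_domain(addr)
                    if dom and dom not in INTERNAL_DOMAINS:
                        targets.append(addr.strip())
        if targets:
            findings.append((rec.get("UserId"), rec["Operation"], targets))
    return findings

# Constructed sample records (one JSON object per line); not real data.
SAMPLE_LOG = """
{"CreationTime":"2024-05-01T08:12:03","Operation":"New-InboxRule","UserId":"j.doe@example-bank.com","Parameters":[{"Name":"Name","Value":"Archive"},{"Name":"ForwardTo","Value":"jdoe.personal@webmail.example"}]}
{"CreationTime":"2024-05-01T09:40:11","Operation":"New-InboxRule","UserId":"a.lee@example-bank.com","Parameters":[{"Name":"Name","Value":"Team"},{"Name":"RedirectTo","Value":"ops@example-bank.com"}]}
{"CreationTime":"2024-05-02T17:55:47","Operation":"Set-Mailbox","UserId":"j.doe@example-bank.com","Parameters":[{"Name":"ForwardingSmtpAddress","Value":"smtp:jdoe.personal@webmail.example"}]}
{"CreationTime":"2024-05-02T18:01:00","Operation":"MailItemsAccessed","UserId":"j.doe@example-bank.com","Parameters":[]}
"""

def scan(log_text: str):
    """Parse newline-delimited JSON audit records and return the external-forwarding findings."""
    records = [json.loads(line) for line in log_text.strip().splitlines() if line.strip()]
    return external_forwarding_events(records)

if __name__ == "__main__":
    for actor, op, targets in scan(SAMPLE_LOG):
        print(f"ALERT {op} by {actor}: forwards to external {', '.join(targets)}")
```

Internal redirects and unrelated operations pass silently, so only the two rules pointing at the external webmail address are reported.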