Financial services firm Morgan Stanley publicly admitted on Jan. 5 that it was the victim of an insider data breach. The breach included data on approximately 350,000 Morgan Stanley wealth management clients.
Though data on 350,000 clients was stolen, only a small subset of that number was publicly posted to the Internet. "While there is no evidence of any economic loss to any client, it has been determined that certain account information of approximately 900 clients, including account names and numbers, was briefly posted on the Internet," Morgan Stanley stated. "Morgan Stanley detected this exposure and the information was promptly removed."
According to Morgan Stanley, the stolen information was limited and does not include Social Security numbers or account passwords.
Morgan Stanley fired the employee responsible for the theft but did not publicly identify that individual. Morgan Stanley contacted law enforcement, and the company noted that it is conducting an investigation into the incident.
The insider breach at Morgan Stanley was not surprising to security experts whom eWEEK contacted.
"There is one thing that stood out in this case—that nothing stands out," Idan Tendler, CEO of Fortscale, told eWEEK. "It's just another classic case of an employee that is a legitimate user and probably has legitimate privileges to access data and exfiltrate sensitive data."
Another reason the insider breach at Morgan Stanley is not surprising, Tendler said, is that even with all the great security technology and all the advanced anti-malware products that are available, it is still extremely difficult to predict and spot malicious insider activity.
At financial services companies, a large majority of users access data through everyday applications, such as wealth management, portfolio management and even call center apps, to do their jobs, said Matt Zanderigo, product marketing manager at ObserveIT, adding that employee actions are often hidden in the large volume of data generated through normal user activities.
"Once users log in to these critical applications, many organizations have no idea what they are doing," Zanderigo said. "The only way to effectively address these types of insider threats is to detect toxic combinations of people, activities and applications that can put your company at risk."
If a user knows that they are being recorded, it can deter bad behavior, Zanderigo said.
Leveraging anti-fraud mechanisms for user behavior intelligence might help mitigate insider threats. By profiling the user's behavior inside the enterprise, the security team can spot abnormal behavior that might be risky to the enterprise, Tendler said.
"The good news is that all the relevant data to analyze is already there—it's just a matter of running the right analytics on the right data sets, and having the right security analytics teams analyzing the actionable results," Tendler said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com.