Security Operation Centre

Reporting and visibility of insider threats

Posted on February 3, 2023

Estimated reading time 3 minutes

New Atech research shows 92% of all Security Operations Centre (SOC) alerts originate inside client organisations.

The FCA state: “Cyber-attacks are increasing in number, scale and sophistication, and pose a threat to all financial services firms. We expect you to be able to protect the sensitive information you hold. Is your firm capable of defending itself against cyber-attacks?”

Do you have visibility of attempted attacks?

In a freedom of information request, published earlier in 2022, the number of cyber-attacks reported to the FCA – malware, third party and phishing combined – was just 84 in the entirety of 2021. While it isn’t yet mandatory to report cyber breaches to the FCA as part of a firm’s regulatory requirements, we believe that this figure is plainly and massively understated. This could be for two reasons. The first is that no regulated firm wishes to unnecessarily advertise that its network has been breached, given the reputational, investor and financial loss that follows. The second, and as important, is that firms often don’t even know that their network has suffered a breach in the first place. IBM’s recent report on this stated that in 2022 it took an average of 277 days—about 9 months—for organisations to identify and contain a breach. This timeline is wholly unacceptable across every industry vertical, but across financial services it should be unthinkable.

Visibility of your attack surface

In a hybrid working environment, the external attack surface of a firm increases rapidly, and a reporting tool that provides visibility and risk assessment in near real time is essential. Rather than security being viewed as a service with little ROI, the thinking should be that AI and ML tools that manage cyber threats protect the ROI delivered by other areas of the organisation. Engaging with a SOC team means internal IT or operational teams are alerted to vulnerable accounts or security events, so swift action can be taken to remediate any breach or attempted breach of a firm’s network. In fact, that remedial action can be taken in near real time.

Getting proactive on insider and external attacks

A SOC service enables firms to stay ahead of internal attacks, whether unintentional or targeted, by detecting breaches and resetting passwords or blocking access ahead of the incident. A holistic view of the external attack surface is required, where not only DNS, mail and internet-facing infrastructure are monitored, but also the supply chain and the vendors implicated in it. This visibility outside of the network can prevent user account compromises, which can in turn result in internal security vulnerabilities leading to an insider attack.

In July this year, the FCA launched a joint discussion paper with the PRA and BoE to invite views on operational resilience, stating: “UK financial services firms are increasingly relying on third-party services to support their operations. But while these bring multiple benefits, this increasing reliance also poses systemic risks to the supervisory authorities’ objectives, including UK financial stability, market integrity and consumer protection. No one firm can manage these potential systemic risks.” Use of third-party vendors by its nature increases the attack surface of a firm’s network. For most third parties in the alternative investment sector to carry out their role successfully, there is a need for information sharing or access to internal systems. Consideration must be given to how to carry out due diligence on third-party vendors where internal information has been shared outside of a firm’s own zero trust network, since that is where security measures can quickly lose visibility. Empowering collaboration that is secure and effective gives regulated firms confidence that their ability to view and report on security events is fast and effective.

We’ll cover the guidance issued on dealing with outsourced third party vendors in a separate article.

If you would like visibility of all insider and external threats, get in touch with our team for a demo – or come and see us at Cloud & Cyber Security Expo 2023 at ExCeL London, 8-9th March 2023.

How can we help?

As Microsoft accredited cloud service providers we’ve got the tools and talent to put the incredible potential of cloud technology at the heart of your operation.

Fill in the form to speak to one of our cloud consultants about your cloud project. Let’s get the conversation started.
