UBS Rogue Trader: An Enterprise Security Wake-Up CallBy CIOinsight | Posted 09-16-2011
The arrest of a rogue stock trader at UBS, one of the world s largest and most recognized banks, should serve as a wake-up call to all enterprises that many security threats actually come from inside their organization rather than from outside, according to security experts.
London police arrested a rogue trader with the Swiss bank on Sept. 15. In a terse four-line statement, UBS said the trader is suspected of causing an estimated $2 billion loss due to unauthorized trades. No client positions appear to have been affected.
While UBS has not named the trader, the Financial Times identified him as Kweku Adoboli, a director in European equity trading for the Zurich-based bank.
The UBS incident echoes what cyber-security experts have been saying for a while now: insiders are among the biggest threats facing organizations.
Damages inflicted on financial firms by managers, sales staff and other non-technical personnel averaged about $800,000 per organizations, according to figures collected by Carnegie Mellon's CERT Program, a federally funded research center in the school's Software Engineering Institute.
Organizations are "building walls" around the networks to keep malicious perpetrators out, but having difficulty defending against "potential menaces that are already on the inside of the fence," said Gregory Shannon, chief scientist at CERT. Nearly half of all inside attackers at financial services firms conspired with outsiders, and a third worked with colleagues to commit cyber-crimes, according to Shannon. Employees have also stolen intellectual property and sabotaged systems.
For more, read the eWeek article UBS Rogue Trader Underscores Insider Threats Facing Enterprises.