For the most part, when compared to organizations of a similar size in
different business verticals, financial organizations in the U.K. are
particularly diligent when it comes to security and monitoring. This doesn’t
mean that financials don’t have their share of problems and well-publicized
attacks. They are a big target from the inside and outside, and because they
are in the business of trust, security has always been a chief concern.

The more successful a financial organization is, the bigger target it
becomes. And not just from external threats. More business means more
employees, partnerships, vendors, consultants, and so forth. Thus, the
potential insider threats increase with the size of the organization.

As financial organizations become successful, they also tend to grow
through mergers and acquisitions. Anybody who has been through M&A
knows that it can be difficult for a number of reasons. One of those reasons
is that people begin to wonder whether they are going to lose their jobs or be
forced to move, what their new boss will be like, and so forth. In this
atmosphere an employee can become angry, even vengeful, and turn into a mali-

One tactical issue sometimes overlooked is connecting the merging
organizations from an IT perspective. With a very large organization and a very
small organization, this isn’t a huge undertaking, but when two substantial
organizations somewhere in between come together, the effort is challenging.

One such organization that I have worked with throughout the years is one
of the biggest financials in the U.K. They have been purchasing other
financials for years and continue to have explosive growth. They were early
adopters of SIM and ESM technology, and they’ve deployed it enterprise-wide
to monitor everything from the largest mainframes to the smallest net-

In fact, their ESM is so well integrated that their incident response times
have steadily reduced over the years, making them highly efficient and capable
of leveraging security analysts more strategically. Executives review ESM
reports, and incident response programs involve individuals from legal and
human resources departments; the entire organization has a top-down
approach to security.

130 Chapter 8 • Outbreak from Within—A Financial Organization in the U.K.