Financial insider threats: a cybersecurity STRIDE analysis

Insider threats pose significant cybersecurity risks, particularly in the financial sector, where privileged access can be exploited for fraud. This study applies the STRIDE threat model to analyze insider threats within a financial institution, using the real-world embezzlement case of Megan Lea Dougherty at the Exchange Bank of Missouri. The research identifies key technical vulnerabilities, including weak access controls and insufficient monitoring, facilitating fraudulent activities. By integrating the STRIDE framework with behavioral insights from the Fraud Triangle, the study demonstrates how systemic weaknesses and individual motivations intersect to enable insider threats. The findings emphasize the importance of addressing technical and human factors in financial cybersecurity, offering a structured approach to insider threat mitigation. Organizations can leverage this dual framework to enhance fraud detection, strengthen internal controls, and reduce the risk of insiders' financial exploitation. This research contributes to cybersecurity threat modeling by illustrating how STRIDE can effectively apply to financial insider threats, bridging the gap between technical security measures and behavioral risk analysis.