Coping with insider fraud


Attachmate's Colin Barnetson looks at the growing risk of insider fraud, and outlines the steps businesses can take to prevent it occurring in their operations.

What is insider fraud?

Insider fraud is the theft of data or money from a company by internal staff or contractors who have access to its internal systems and processes.

Reports by security experts have found that malicious employees or other insiders are responsible for more than half and sometimes up to 90 percent of the cases where data or money has gone missing.

Insider fraud and failed audits caused by employees abusing privileges and access to confidential information continue to be a growing challenge for many industries, particularly financial services, government and healthcare. These abuses result in lost business, damaged reputations and financial losses totalling billions of dollars.

While most organisations have invested in robust security technologies to protect themselves from external attacks, many still struggle to address more challenging threats from within.

Why is it a growing problem?

Gartner estimates that global fraud costs are likely to total more than $300 billion over the next year.

According to the bi-annual KPMG Fraud Barometer released last week, which monitors major frauds prosecuted in Australian courts over a six-month period, most were committed by company bosses, with the average case involving more than $2 million.

Accounting fraud was at the top of the list, amounting to $41 million, while financial institutions were the most common victim of organised crime syndicates, with over $30 million of fraud cases prosecuted over the last six months.

Until now, most companies using fraud detection technology have been limited by siloed solutions, each working in a different department, so fraud prevention has been fragmented. Adding more intelligent devices to the network, such as intrusion prevention systems (IPS) and even security information and event management (SIEM) products, provides little added protection, because the real threat is already inside and has a valid user ID and password.

Indeed, most insider fraud goes undetected within the enterprise for more than a year, after which uncompromised evidence is difficult to secure and taking decisive action is nearly impossible. However, a new generation of enterprise fraud management solutions is emerging that makes it easier to monitor fraudulent activity across organisations.

How can you reduce the possibility of insider fraud in your organisation?

Monitor user activity and stop the guessing games 

If your existing applications are unable to give you a complete or accurate picture of who did what and when, find a solution that does. You need to be able to assemble a complete history of user activity on all enterprise applications in one centralised location. 

Record user activity and play it back on demand

Retrieving evidence of questionable behaviour is difficult and often impossible because data is incomplete, scattered, or subject to manipulation. Find a solution that lets you easily search, retrieve, and replay any part of a user's complete activity history, safely storing it in a secure repository.

Analyse user activity and take informed action

Without a complete or accurate picture of employee behaviour across multiple systems, you cannot clearly distinguish between suspicious activity and legitimate work. You need to analyse the patterns, trends, and differences across multiple employees and departments, as well as across diverse applications.

As insider fraud becomes increasingly sophisticated and industry and government regulations more demanding, organisations need to be able to protect their sensitive data and identify actionable evidence of employee abuse when an internal fraud incident occurs.

Colin Barnetson is an integration solutions specialist at Attachmate Asia Pacific.
