Insider threat and how to guard against it

Cyber crime has become a fact of life for businesses of all sizes. As the battle with external forces has intensified, companies have spent a lot of money beefing up their security provisions.

One of the biggest threats organizations face is not external; it’s the threat from within. Technological proliferation has gathered pace over the course of the last decade, and as companies have become ever more diverse and complex, insiders have begun to seize upon myriad opportunities.

Insider fraud is a real and substantial danger companies must overcome. It is a process which requires investing considerable financial and time resources. It costs companies, and the wider economy, trillions every year as employees commit theft and fraud against their employers, often without detection. For some analysts, insider fraud poses an even greater risk to companies than outsider attacks or some cyber crime incidents. “While the media and many organizations tend to focus on external threats, insider fraud is more insidious, difficult to prevent and often more damaging. Insiders have an inherent advantage due to their direct access to systems and the ability to take advantage of trusting relationships. Employers are often reticent to acknowledge the possibility that a trusted employee has committed fraud. As for the most common types of insider fraud, our 2016 Report to the Nations on Occupational Fraud and Abuse shows that the most pervasive are asset misappropriation schemes related to the billing and accounts payable functions.”

A crucial issue in the fight against insider fraud is determining who exactly a company may be fighting as they attempt to mitigate the threat. Risks are posed to a company by a number of different actors. Malicious insiders, exploited insiders and careless insiders all pose challenges.

Primarily, insider threats are posed by current or former employees, and third parties such as contractors or business partners, who have authorized access to an organization’s network system or data. It is important to note that the individuals posing the threat come from a diverse cross-section; they are not always necessarily disgruntled employees at the bottom of the food chain. Malicious activity can come from the front line, or it can come from an executive’s office. Furthermore, these individuals engage in a range of illegal activity. Employees, officers and directors are accused of diverse illegality, ranging from petty theft, to intricate fraud, cyber crime and insider trading. The rise of technology and the increased complexity of companies have contributed to the key variable in fraud risk: opportunity.

Malicious actors now have more opportunities and better tools with which to perpetrate fraud. However, accidents are another common threat. Insiders may be tricked or manipulated into causing harm to a company, or allowing a third party to do so. Often the accidental insider believes they are operating in the best interests of their employer, but that is not always the case. Regardless of the intention, insider threats, be they malicious or otherwise, can be hugely damaging.

Typically, malicious insiders use the access they are afforded by their employers to intentionally compromise the confidentiality, integrity or availability of an organization’s data or systems. These malicious parties may steal intellectual property or commit fraud; they might conduct unauthorized trading or destroy valuable data. In reality, given the scope of access for individuals in the ‘right’ areas of a business, an insider may be able to commit untold damage to an organization, often without detection.

Insiders also have a substantial advantage over external agents as they can more easily outwit internal security measures, both electronic and physical. Bearing in mind the threat level posed by insider fraud, how can companies prepare to defend themselves?

Can insiders be stopped?

Given how deeply entrenched insiders can be, fighting back can be a difficult and costly process, although by no means fruitless. The first step companies should take is to identify their most important and sensitive assets and determine who has access. This, in the first instance, should enable companies to develop a solid foundation for their insider threat programme.

Organisations must also ensure that education and training sessions are held for all employees, which helps them to understand their role in any potential breach. All staff should receive fraud awareness training that provides a tangible connection to the repercussions of insider fraud. Without effective training, employees are often simply unaware of potential threats, how they are carried out and how they can be mitigated. Training can also have a deterrent effect by letting employees know that the company is serious about stopping internal fraud. Companies should also ensure they have an effective reporting programme in place.

Whistleblower programmes are increasingly popular for many organizations; however, they must go hand in hand with education schemes. If employees are expected to report incidents of suspicious activity, it is imperative that they are first given help to understand the types of behaviour they should be guarding against. Aside from formal whistleblower programmes, fostering an open work environment, in which employees are comfortable asking questions and raising concerns, can mitigate fraud risk, as well as have other salutary effects. A pattern of undue deference to a senior employee who wields excessive control over an aspect of the business, particularly in finance or bookkeeping, may be a red flag. A proactive measure that companies should consider is defining and confining their employees’ zone of privacy in the workplace, especially in respect of company-issued technology. Staff members should be comfortable enough to engage in a dialogue with higher management.

For some, employers have been directing their energies in the wrong areas when it comes to monitoring employees, and their approach to technology. Rather than looking at technological development as a new way in which employees can while away the hours that they should be working, companies should embrace technology as a means to fight the corrosive effects of insider threats. But that only works when combined with other strategies for monitoring and managing employees.

The tech revolution of the last few decades should help organizations to identify and mitigate internal threats. But technology is not a panacea; it must be embraced and implemented as part of a wider culture of security. Via the creation of an overarching security culture, companies can begin to mitigate internal threats. Sustained security awareness programmes that embrace technological innovation are a must. Applications and processes, including database activity monitoring, whitelisting, network flow analysis, security information management and data loss prevention, can all be valuable tools, though they are by no means the only weapons available.

As an enhancement to existing data analytics programmes, behavioural analytics can be used to detect anomalous activity by comparing an employee’s baseline profile to his network activity. This type of technology can be difficult to implement and result in significant false positives, but it will become increasingly effective as it is refined over time.
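The baseline comparison described above, as an added sketch that is not from the original article: each employee's outbound transfer volume today is scored against the median and median absolute deviation of their own history, and lowering the alert threshold shows how quickly false positives appear. The sample volumes, user names, thresholds and the `MIN_DAYS` and `MAD_FLOOR` settings are constructed assumptions.

```python
from statistics import median

MIN_DAYS = 7      # assumed: minimum history before a baseline is trusted
MAD_FLOOR = 1.0   # assumed: MB; stops near-constant users alerting on tiny changes

# Constructed sample: daily outbound transfer volume in MB per employee.
HISTORY = {
    "alice": [120, 135, 110, 140, 125, 130, 118, 122, 138, 127],
    "bob":   [20, 22, 19, 21, 20, 23, 20, 21, 22, 20],
    "carol": [40, 42, 38, 45, 41, 39, 43, 40, 44, 42],
    "dave":  [15, 18],                      # new starter, too little history
}
TODAY = {"alice": 150, "bob": 23, "carol": 900, "dave": 300}


def score(value, past):
    """Modified z-score of today's value against the user's own baseline.

    Median and MAD are used instead of mean and standard deviation so that
    an earlier spike does not inflate the baseline and hide the next one.
    Returns None when there is not enough history to judge.
    """
    if len(past) < MIN_DAYS:
        return None
    med = median(past)
    mad = max(median(abs(x - med) for x in past), MAD_FLOOR)
    return 0.6745 * (value - med) / mad


def evaluate(today, history):
    """Score every user seen today; users without a baseline map to None."""
    return {user: score(mb, history.get(user, [])) for user, mb in today.items()}


def flagged(today, history, threshold):
    """Users whose upward deviation exceeds the threshold, highest first."""
    scores = evaluate(today, history)
    hits = [(s, u) for u, s in scores.items() if s is not None and s > threshold]
    return [u for s, u in sorted(hits, reverse=True)]


if __name__ == "__main__":
    for t in (3.5, 2.0):
        print(f"threshold {t}: {flagged(TODAY, HISTORY, t)}")
    print("no baseline:", [u for u, s in evaluate(TODAY, HISTORY).items() if s is None])
```

At the stricter threshold only the 900 MB day is raised; at the looser one a mildly busy day for alice is raised as well, and dave's 300 MB is never scored because he has no baseline yet, which is a gap that needs a separate rule.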

Conclusion

To tackle insider threats, companies must be sure that they understand their first responsibilities are to protect the privacy of their employees and the integrity and confidentiality of their corporate data. By creating an inclusive culture of security and compliance that takes into account all aspects of the firm’s leadership, companies will set themselves on the right path. But they must do more. Technology solutions that will complement internal risk mitigation can be invaluable; biometrics such as fingerprint scanning should be explored and implemented if feasible. Companies should also ensure that concepts such as the ‘principle of least privilege’ are enforced across their entire workforce, so that employees or users are given only the minimum data access they need to be effective in their roles. As the insider threat level rises, companies need to be more proactive.
