Managing insider threat

  • Share

Companies should publicise their efforts within the group to foster a culture of integrity and accountability 

Many organizations have realized the need to have controls around processes and technology to combat threats to sensitive information. Historically, organizations have focused more on protecting their information systems and assets against intruders and hackers from the outside. As a first step almost all of them have implemented security technologies for protecting their valuable information by implementing firewalls, intrusion detection, anti-virus, anti-spam, anti-spyware and other tools.

The recent insider bank fraud at a leading bank where an employee was caught with unauthorized wire transfer of funds from bank customer accounts has alerted the organizations about the internal risk that exists within the organization. Though with all the systems in place there is an increasing threat to corporate security of an organization that comes from within the organization.

This risk could be from current and former employees, managers, contractors and other internal personnel who pose a major threat due to the available knowledge and their access to sensitive company data and information.

EY’s 2009 Global Information Security Survey identified that authorized users and employees pose the greatest security threat to an organization. Also the 2010 SAPS crime statistics show that a total of 84,842 white-collar crime cases were reported between April and March 2009/10, marking a 56% increase from 2006.

But what could be the reasons why an employee would commit an internal fraud? The following structure explains why an internal fraud is a serious threat for the organization:

Chart: fraud triangle

The fraud triangle depicts the Motivation, Rationalization and Opportunity for an employee planning a potential fraud. But in case on insider threats it is worthy to emphasis the “Opportunity” dimension as access to sensitive and award worthy information triggers the perpetration of an insider fraud.

Though insider threats are easy to understand but they are hard to detect than external threats. The employee perpetrating the fraud are generally allowed/ authorized to access sensitive information/ data to execute their routine jobs. To identify the individual who is misusing the information is like finding a needle in a haystack blind folded. This is even more difficult than detecting unauthorized access by an external hacker/ intruder. This also emphasizes that:

  • Policies and procedures designed for employees don’t deal with frauds possible through authorized access to information
  • Sufficient technology and knowledge is not deployed to deal with this scenario
  • Well designed policies/procedures and technology go hand in hand to ensure insiders don’t mutate into a threat.

Furthermore, most business processes and operations in today’s world are automated.  Employees no longer need physical access to documents that were earlier used to be kept under lock & key.

What should organizations do?
Fortunately, the growing awareness of the insider threat to company information is as risky as malicious outsiders which is pushing organizations to take preventive measures.

Following are the three areas that could be implemented to tackle insider threats:

Processes & policies
  • Clear classification of information between sensitive, regular & public
  • Tightening of procedures that deal with employee access to information
  • Classification of employee roles into “information roles” describing their need and right to access relevant information
  • Deploying monitoring technologies that help identify at a later date, “who accessed what and when”
  • Technology that intelligently gives a real time alert on deviation in information access patterns for an “information role”
  • Creating awareness internally on organization’s commitment and readiness  to handle information theft seriously
  • Training employees on do’s and don’ts to combat unintended information leak

Though the threat is substantial enough for organization to take action and look for solution, regulatory requirements have also fueled the market with many solutions and products that tackle insider threats.

Also the insider threat would vary from one industry to other with different threats as mentioned below which would need customized solutions to curb the same-BFSI – Customer details, transaction records, Pharma/ Manufacturing – Patented information, Copyrights, Order details, Information Technology – Proprietary codes, contract details, Order details, Entertainment – Copyrighted digital content, contracts and Defence – Terrorism related information flow on internet gateway etc.

Organizations have realised that the shift in focus is required to not only tackle the outsider but also to do an introspection of possible insider threats and also look for solutions and technology that can help prevent, detect and control insider threats.

Views expressed are personal in nature

The article is joint contribution from Arpinder Singh, Partner & National Director, Fraud Investigation & Dispute Services (FIDS) and Amit Jaju, Manager,FIDS