Companies are accustomed to protecting their valuable information assets from outside attack. But the reality is that your “trusted” insiders commit more fraud and compliance violations than anyone else. In fact, on average, insider fraud happens once a week in the typical organization (Ponemon Institute Survey, September 2011). If insider threat detection is not a major concern in your organization, maybe it should be.
Insider vs. Outsider Threats
Insider threats are more difficult to detect than outsider threats. The perpetrators—your current employees, former employees, vendors, contractors, and business partners—are authorized to access sensitive data as part of their jobs. And because policies and procedures are often loosely defined and enforced, it is hard to know when the line has been crossed.
Profile of an Internal Fraudster
Data gathered over the years tells us that malicious insiders work quietly and steadily, often for weeks or months at a time, without detection. Here’s what research has taught us about who they are and how they operate:
- They are longtime employees.
- They work in nontechnical positions.
- They have authorized access to internal systems.
- They have unblemished employee records.
- They use legitimate computer commands to commit fraud.
- They commit fraud primarily during business hours.
Source: Survey conducted by the US Secret Service National Threat Assessment Center and the CERT Coordination Center of the Carnegie Mellon University's Software Engineering Institute, 2005.
Why They Do It
These individuals are often driven by revenge or dissatisfaction with company management. But many insider crimes are committed for financial gain. Your inside criminal may even be working in tandem with outside identity thieves, organized crime groups, or competitors.
Sadly, chances are good that it’s happening in your organization right now—which means insider threat detection is not a luxury, it’s a necessity. And educating yourself is the first step to unmasking the fraudsters in your organization.
The Latest Insider Threat Research
2011 Ponemon Study on Insider Threat
By: The Ponemon Institute and sponsored by Attachmate
It’s easy to keep your blinders on when another organization has an insider fraud incident. But information from a new survey, The Risk of Insider Fraud by Attachmate Corporation and Ponemon Institute, shows that more organizations need to turn a scrutinizing eye toward their own risk.
Access the Executive Summary here
ACFE’s 2012 Report to the Nations on Occupational Fraud and Abuse
By: Association of Certified Fraud Examiners (ACFE)
The Association of Certified Fraud Examiners (ACFE) is an organization of fraud, audit and investigation professionals dedicated to helping organizations identify and manage risk. According to the Report to the Nations, organizations worldwide lose 5% of their annual revenues to fraud.
Summary slides are available here: http://www.acfe.com/uploadedFiles/ACFE_Website/Content/documents/2012-rttn.ppt
The full report can be accessed via this link: http://www.acfe.com/uploadedFiles/ACFE_Website/Content/rttn/2012-report-to-nations.pdf
2012 Data Breach Investigations Report
By: The Verizon RISK Team and several contributing agencies around the world
The 2012 Data Breach Investigations Report (DBIR) is a source for the latest, most relevant security information. This study was conducted by the Verizon RISK Team with cooperation from the Australian Federal Police, Dutch National High Tech Crime Unit, Irish Reporting and Information Security Service, Police Central e-Crime Unit, and United States Secret Service.
http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf
CERT Insider Threat Study
By: CERT and the U.S. Secret Service
Since 2001, the U.S. Secret Service and CERT have collaborated in an array of efforts to identify, assess, and manage potential threats to, and vulnerabilities of, data and critical systems.
The study has resulted in a series of four case study reports:
- Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector (pdf), published in August 2004, examined 23 incidents of insider threat in the banking and finance sector.
- Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors (pdf), published in May 2005, examined 49 insider incidents across critical infrastructure sectors in which the insider's primary goal was to sabotage some aspect of the organization (for example, business operations, information/data files, system/network, and/or reputation) or direct specific harm toward an individual. Executive Summary (pdf).
- Insider Threat Study: Illicit Cyber Activity in the Information Technology and Telecommunications Sector (pdf) presents findings on 52 incidents in which the target organizations were in the Information Technology and Telecommunications Sector. Executive Summary (pdf).
- Insider Threat Study: Illicit Cyber Activity in the Government Sector (pdf) examines 36 incidents of illicit cyber insider activity that fall within the government sector. Executive Summary (pdf).
CSI Computer Crime and Security Survey 2010/2011
By: CERT and the U.S. Secret Service
This survey marks the 15th annual edition of the CSI Computer Crime and Security Survey, making it the longest-running project of its kind in the security industry.
The survey is available via this link (registration is required): http://reports.informationweek.com/abstract/21/7377/Security/research-2010-2011-csi-survey.html