It’s easy to point fingers when another organization has an insider fraud incident. But information from the new Survey on the Risk of Insider Fraud by Attachmate Corporation and Ponemon Institute shows that more organizations need to turn a scrutinizing eye toward their own risk.
The survey encompassed more than 700 organizations and revealed some alarming data security trends:
- More than 75 percent of the respondents indicated that privileged users within their own institutions had turned off or altered, or were likely to turn off or alter, application controls to change sensitive information – and then reset the controls to cover their tracks.
- Eighty-one percent replied that individuals at their institutions either had used or were likely to use someone else’s credentials to gain elevated rights or bypass separation of duty controls.
- On average, respondents noted that their organizations experienced more than one incident of employee-related fraud per week – about 53 in a year’s time (infographic available). Twenty-four percent of respondents indicated that their organizations experienced more than 100 incidents in the past 12 months.
- Once an incident has occurred, it takes organizations an average of 89 days to discover it and an additional 96 days to uncover the root cause and determine the consequences to the organization.
- A majority of respondents – or 62 percent – were unable or unsure of their ability to assess the financial impact and true costs of fraud.
- Approximately two-thirds of internal fraud investigations do not result in actionable evidence against the perpetrators, meaning a majority of the incidents go unpunished and leave organizations vulnerable to additional incidents.
“This data demonstrates that employee actions across an enterprise are not visible,” said Larry Ponemon, chairman and founder of the Ponemon Institute. “While organizations may have policies in place that are meant to curtail insider fraud, what’s on paper doesn’t necessarily lead to compliance.”
In fact, 52 percent of respondents noted that they do not believe they have the appropriate technologies to prevent or quickly detect insider fraud, including employees’ misuse of IT resources. Traditionally, IT departments review log files to analyze employee activity. However, 78 percent of respondents believe the manual review of log files is an inadequate method for observing questionable or suspicious employee access and computing activities.