While some threat actors sequester themselves in their parents’ basements or operate out of unmarked buildings overseas, others work in plain sight. For organizations around the globe, threats from ‘insiders’ are becoming a key concern. As many as 57% of enterprises perceive insider threats as intensifying. Once an insider gains access to valuable information, it turns into insider fraud.

Insider fraud

Insider fraud occurs when a current or former employee, contractor or business partner leverages access to credentials and data in order to perpetrate a cyber attack. The “victim” is the individual or organization that experiences negative repercussions on account of the hacker’s manipulation of stolen information.

Insider fraud can occur in a variety of different instances. For example, while examining data for analysis, an employee could steal or modify small pieces of the data in an unnoticeable and untraceable way. Alternatively, insider fraud could involve exfiltrating information in order to sell it to a competitor.

Real-world examples

  • In one notable real-world instance of insider fraud, a former Amazon employee managed to issue more than $90,000 in fraudulent refunds to himself and those around him. He took advantage of his role at the company by issuing refunds without returning products.
  • In another instance, a well-known bank’s employees allegedly opened fake accounts attached to customers’ existing accounts in order to meet sales goals.
  • In yet a third instance, employees convinced an administrator to grant them access to data, downloaded thousands of files containing trade secrets, and sent them to private email addresses.

The insider fraud dilemma

Malicious insider threats aren’t always visible enough to set off any alarms or to raise the least bit of suspicion. And the cost of investigating insider fraud can be quite high. It has increased by as much as 86% over the past few years. Losses tend to increase if the organization is unable to identify and remediate the problem quickly.

Financial damage

Insider fraud isn’t simply a nuisance. Insider fraud can result in financial ruin through a combination of direct costs, indirect costs and lost opportunity costs. While precise costs can vary widely, the average cost of an insider threat is roughly $13 million.

Insider fraud prevention

The current security digital landscape often lends itself to insider fraud. Strategizing around it is crucial. Pursue the following steps in order to reduce undetected fraud activities.

1. Develop a strong system of internal controls. Examine the classes of data that your company interacts with (public, confidential, highly restricted…etc.,) and establish controls accordingly. Track, record and log employee interactions with online client accounts.

2. Encrypt data as needed. Encryption can be applied to storage drives, emails, and specific files in order to prevent those without decryption keys from viewing it.

3. Limit data collection and retention. Less data means less to worry about. It also translates to improved allocation of resources for the protection of existing valuable data.

4. Pay special attention to privileged accounts. Employees with high levels of clearance likely have greater access to sensitive data, intellectual property, business relationship information…etc. To reduce the likelihood of data misuse, consider closely monitoring electronic actions of privileged account holders.

5. Enforce security policies and controls. Clearly document, explain and regularly revise and enforce cyber security policies. Consider reminding employees about what would or would not constitute an insider threat and both corporate and individual consequences.

6. Audit critical business process. Your organization may wish to regularly conduct audits of business processes to ensure that nothing is amiss.

7. React to suspicious activity once it has been detected. Ensure that your enterprise can capture clear, irrefutable evidence around actual insider actions.

8. Continuously revise and update your strategy. Business policies, people and processes change on a regular basis. As your enterprise encounters new growth opportunities, and adopts new technologies, new fraudulent schemes may become possible.

Further information

Some insider fraud perpetrators are simply opportunistic. Others rationalize the notion through beliefs around inadequate pay, social justice activism, an organization’s high growth and high margins, or an existing culture of fraud within a given organization.

Support your business by implementing insider fraud prevention techniques. Minimize the risk of sensitive data compromise.

Discover more insider threat mitigation and insider fraud prevention resources through the Cybersecurity and Infrastructure Security Agency. Lastly, obtain leading-edge cyber security news, expert insights, analyses and security white papers when you sign up for the CyberTalk.org newsletter.