Insider Threats Trump Hackers in Enterprise Data Loss Events

By Anthony Freed | October 17, 2012

Posted in: Network Security Trends

As organizations continue to invest heavily in perimeter security solutions in an effort to protect sensitive data from external compromise, an insidious threat lurks deep within the confines of the enterprise: the malicious insider.

While the general rate of fraud is down slightly from last year's levels according to a study released by Kroll Advisory Solutions, two-thirds of all corporate fraud reported is being committed by trusted insiders, an increase of nearly 15 percent over the last two years. Insider threats are particularly troublesome for organizations, as the perpetrators tend to have unfettered access to the most confidential of information, and the breaches are usually only detected long after the damage is done.

"The fact that overall fraud is down globally reflects the focus and consideration that major corporations are paying to the issue. However, most of those efforts have been directed at external threats. The results this year demonstrate that companies must turn their attention inward. In particular, firms need to make protection of confidential information and electronic data a top priority," said Kroll's Robert Brenner in a press release.

The researchers surveyed more than 800 senior executives worldwide and discovered that as many as six in ten companies reported they were affected by some form of fraud last year, with data loss events accounting for one-fifth of the incidents.

Where information theft is concerned, improprieties committed by corporate employees at all levels made up more than one-third of the incidents, twice the number of events attributed to external threats such as hackers. Management cited the complexity of information technologies as being the biggest factor for exposure.

The study also revealed that overall concern regarding fraud events has been decreasing, especially where the two most common types of corporate fraud are concerned - theft of company assets and the pilfering of proprietary information. Companies that do not have adequate fraud controls in place are most likely to experience losses, the study found.

On a positive note, the research indicates that the Foreign Corrupt Practices Act (FCPA) and the UK Bribery Act are having a positive impact on the reduction of corporate fraud, with more than half of the companies surveyed now conducting thorough risk assessments, twice the number who engaged in the practice last year. Companies also reported an increase in compliance and due diligence training of senior management.

"The Kroll report drives home the proposition that companies must have systems in place to both prevent and detect fraud and corruption. Robust internal controls plus rigorous monitoring are now considered as a minimum for a best practices compliance program," noted attorney and FCPA compliance expert Thomas Fox in an email interview with Security Bistro.

The full report from Kroll is available here.
