The Risk of Insider Threat

Research demonstrates that most fraud risk is attributed to insider threat. In a study almost one third of all cyber attacks were committed by ex-employees.

It’s Not Just Cybercriminals: Insider Threats Still a Top Cyber Risk for Corporations
Property Casualty 360° | By Rhys Dipshan

As cyber espionage and ransom ware attacks wreak increasing damage on the world economy, it makes sense that many companies think their biggest threats comes from external actors.
But most risk still emanates from inside the organization, according to the Kroll’s Global Fraud & Risk Report.
The report was based on a survey conducted among 540 senior executives across six continents and found that a significant amount of companies’ fraud, cybersecurity and security incidents were caused by current or former employees.
Risks from current & former employees
Ex-employees, for example, were key perpetrators in 37% of security incidents that happened outside the cyber realm. What’s more, 25% of security incidents were caused by middle- or senior-level employees, while 26% were by junior employees.
Junior employees were also the most likely to cause fraud incidents, followed by ex-employees.
And while most cybersecurity incidents were caused by random cyberattackers, at 34%, ex-employees still accounted for 28% of all attacks, while senior or middle management employees accounted for 19%, and junior employees 16%.
Alan Brill, senior managing director with Kroll’s cyber security and investigations practice, noted that oftentimes, organizations will concentrate too much on high-tech cybersecurity needs, such as protecting their networks, and miss the fact that their biggest “risk factor comes from those who have access to sensitive information.”
Ensure former employees don’t have access
One major shortcoming among organizations is not properly ensuring former employees do not have access to enterprise systems. “You need to be able to not just plan the steps the company is going to take [when an employee leaves], but you have to have a way of knowing that the steps are actually being done. I think in many cases, there is a disconnect from what managers believe is being done and what is happening on the ground,” Brill said.
Brill also advised organizations to ensure that “the right agreements are [in] place” to limit employees’ and contractors’ access to sensitive information, and train employees on the appropriate data handling procedures.
Most companies surveyed took measures to mitigate the risk of insider threats. Over 80%t restricted employees from installing software on company devices and had employee training programs. Over 75% had internal cybersecurity policies and procedures.
But Brill noted that it’s not enough to just have security programs and policies without constantly reviewing their usefulness. He said that many companies need to use “metrics to understand if what they’re doing is effective,” and build their security programs around tested results.
Fraud, information theft
Such proven programs are becoming increasingly necessary given the wide range of fraud and cybersecurity incidents that organizations face in the current economy. The survey found, for example, that 29% of respondent companies suffered fraud, which resulted in information theft, loss or attack, while 27% had theft of physical assets or stock, and 26% uncovered a conflict of interest.
Information theft and conflict of interest incidents were experienced by 5% more companies in 2017 than in 2016, the biggest increase among all types of fraud incidents.
Brill noted that such conflict of interest incidents are becoming more common as enterprises rely on more vendors in their supply chain and as compliance offices become “more able to detect conflicts of interest” through the use of better compliance technology.
More vulnerable to all types of threats in 2018
With regards to cyber incidents, the survey found the amount of companies attacked by malicious viruses rose 3% to 36% in 2017, while those suffering email phishing attacks rose 7% to 33%, which Brill attributed to such scams becoming more sophisticated.
When compared with the 2015 survey results, respondents believed they’re more vulnerable to all types of threats in 2017 than they were two years prior, with the exception of theft of physical assets or stock. Areas where respondents believe their vulnerability had increased the most since 2015 included IP theft, management of conflicts of interest, and market collusion.

Homeland Security: Data Breach in 2014, Over 240K Workers Affected

The Inspector General for Homeland Security found that the personal information of more than 247,000 employees and others connected with the agency was compromised in 2014.

Data Breach Affected More Than 240,000 Homeland Security Workers, IG Confirms
Nextgov | By Joseph Marks |

Personal information about more than 247,000 Homeland Security Department employees and other people connected with the agency was compromised in 2014, the department’s internal auditor said Wednesday.

In May, the Homeland Security inspector general’s office found a copy of its investigative case management system—and the reams of personal information it contained—in the possession of a former inspector general’s office employee, according to a department statement.

Inspectors found the case management system as part of a criminal investigation but did not say if the former employee is the target of that investigation.

The statement also did not provide details about how the system ended up in the former employee’s possession except to say that it was not the result of a third-party cyberattack and that other employees’ personal information was not the target of the “unauthorized exfiltration.”

USA Today described the breach in November based on leaked documents but Homeland Security did not confirm the breach at that time.

The case management system contained personal information on 247,167 Homeland Security employees who worked for the department when the information was removed in 2014, the department said.

It also contained information about non-employees who were subjects, witnesses or complainants in inspector general investigations between 2002 and 2014, the department said. The statement does not say how many non-employees were in that group.

The department is “implementing additional security precautions to limit which individuals have access to this information and will better identify unusual access patterns” in the future, according to the statement.

The statement did not describe what personal information was compromised. Personal information can range from less sensitive information, such as names and phone numbers, to highly sensitive information, such as Social Security numbers and financial data.

The department is offering free credit monitoring to employees and other people whose information was compromised. Employees were informed about the breach in a Wednesday letter, but the department won’t directly notify non-employees because of “technological limitations.”

The notice includes a contact number for non-employees who were associated with Homeland Security inspector general investigations to request credit monitoring.

Security experts have often said credit monitoring is less effective at preventing criminals from profiting off your leaked information than other steps such as freezing your credit.

“The Department of Homeland Security takes very seriously the obligation to serve the Department’s employees and is committed to protecting the information [with] which they are entrusted,” the notice states.