Cyber criminals may be making the headlines, but insider fraud artists – many of them senior, trusted staff – remain the biggest crooks. They fly under organizations’ radar for lengthy periods and cost organizations globally roughly $3.7 trillion a year by one estimate, according to 2013 data from the Association of Certified Fraud Examiners (ACFE).
Strides are being made to combat these stealthy insiders. Sophisticated new technologies are detecting abnormal employee behavior patterns in real time – often before actual fraud occurs. These and other advances are critical to combat insider threats because one solution can’t address all the types of fraud. To protect themselves, companies must adopt a layered approach to cybersecurity.
No sector is immune, and financial services, information technology, government, commercial facilities, healthcare and public health are particularly exposed. And the traditional weapons for combatting insider fraud – surprise audits, internal whistleblowers (who often use an antifraud hotline to report situations) and strengthened background screening – aren’t adequate on their own to catch them all.
To Stop Fraud, Study the Fraudsters
Software producers, law enforcement agencies, and academic researchers and engineers are pioneering new antifraud tools and advanced risk-management controls. At Carnegie Mellon University, for instance, engineers at its Insider Threat Center – part of its Computer Emergency Response Team (CERT) function – methodically analyze real-life insider attacks to identify how insiders pull off their damaging thefts. Its database contains over 1,000 documented cases of insiders using information technology to cause harm.
Combined, all of these insider fraud combatants are identifying a roster of warning signs to help organizations better spot and deal with insider fraud. This list includes the downloading of files or documents that aren’t germane to an employee’s job or, relatedly, the surreptitious withdrawal of information from file services such as Dropbox and Google Drive. Add to the list requests for data an employee shouldn’t be seeing or access an employee shouldn’t have, as well as the manipulation of customer information or the out-of-the-ordinary handling of dormant customer accounts.
Using Real-Time Analytics to Detect Fraud Faster
On the behavioral monitoring front, breakthroughs in analytics are helping identify uncharacteristic employee behaviors by better benchmarking normal activity. In the past, for instance, banks wouldn’t know that an employee searched 17 different customer accounts in 13 days without closing any transactions before fraudulently transferring funds to an illegal account. Real-time behavioral monitoring tools can spot such out-of-the-ordinary behavior and alert officials to it, and they can do this across multiple platforms and applications.
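An added example, not from the original article: a sliding-window check for the bank scenario above, flagging an employee who looks up many distinct customer accounts without completing a transaction on any of them. The event format, the employee names and the threshold of 15 are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import date, timedelta


def build_sample_events():
    """Constructed events: (day, employee, action, customer_account)."""
    start = date(2024, 3, 1)
    events = []
    # "teller_a" works normally: every lookup ends in a completed transaction.
    for i in range(13):
        day, acct = start + timedelta(days=i), f"A{i:03d}"
        events.append((day, "teller_a", "lookup", acct))
        events.append((day, "teller_a", "transaction", acct))
    # "teller_b" browses 17 distinct accounts across 13 days, closing nothing.
    for i in range(17):
        day = start + timedelta(days=i * 12 // 16)
        events.append((day, "teller_b", "lookup", f"B{i:03d}"))
    return sorted(events)


def detect_browsing(events, window_days=13, max_idle_accounts=15):
    """Return {employee: (alert_day, idle_account_count)}, first alert only.

    An account is "idle" for an employee when it was looked up inside the
    window and no transaction by that employee has followed the lookup.
    """
    window = timedelta(days=window_days)
    lookups = defaultdict(deque)  # employee -> (day, account), oldest first
    alerts = {}
    for day, emp, action, acct in events:
        if action == "transaction":
            # A completed transaction explains earlier lookups of the account.
            lookups[emp] = deque(x for x in lookups[emp] if x[1] != acct)
            continue
        q = lookups[emp]
        q.append((day, acct))
        while day - q[0][0] >= window:  # expire lookups older than the window
            q.popleft()
        idle = {a for _, a in q}
        if len(idle) > max_idle_accounts and emp not in alerts:
            alerts[emp] = (day, len(idle))
    return alerts


if __name__ == "__main__":
    for emp, (day, count) in detect_browsing(build_sample_events()).items():
        print(f"ALERT {emp}: {count} accounts viewed, none transacted, by {day}")
```

Because the check runs as each event arrives, the alert fires at the 16th idle account rather than after all 17 lookups, which is the point of real-time monitoring: the account can be reviewed before any transfer takes place.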
Other red alerts include attempts to breach an employee’s specific access privileges; the sudden or increased frequency of requests or requisitions for data-storage devices; and unusual communication or collaboration between employees that suggests collusion. Be alert to the use of shared computers as well, since insiders can load malware on them for stealing or spying on records and other data.
Equipped with these warning signals, organizations can act to mitigate the risk. Already, organizations are constraining remote work outside of normal hours; enhancing monitoring within a time window of a damaging incident; and monitoring to detect insiders using colleagues’ accounts remotely.
In addition, savvy IT operators within organizations are employing threat-deterring technologies that monitor phone activity logs to detect suspicious behaviors. They are checking and controlling privileged accounts; watching external access and data downloads; and protecting critical files from being modified, deleted or disclosed without authorization.
By establishing what’s outside of normal behavior for specific employee roles, organizations – especially banks – can identify the abnormal behavior, issue alerts, and suspend employee access to prevent fraud in real time, before damage is done. They can institute controls that prevent a back-office employee from transferring customer funds, a front-office employee from changing customer addresses, or employees from colluding.
When employees leave, an organization can disable their accounts and/or connections to prevent fraud, and many banks already are doing this. IT departments also can prevent installation of unauthorized data-removal storage methods and identify all access paths into their information systems. Some are deploying an easy-to-use monitoring system with Google-like search features that handle highly specific behavioral criteria. Such intuitive technology can eliminate errors and enable more advanced monitoring.
Organizations now can even institute alerts of suspicious patterns of behavior in real time and receive visual evidence of illegal activity while it occurs. The monitoring technology does this by recording screen-by-screen activity at the application level. This creates a comprehensive data trail that can be used in court.
Fraud by rogue insiders can be difficult to spot. But the advances in sophisticated technology – specifically those that analyze behaviors and determine in real time when abnormalities transcend normal behaviors – prove especially critical. Organizations now can nab insider crooks before they’ve vanished or before it becomes hard to prove they were responsible.