New Technology Can Help Corral Insider Fraud

August 25, 2015

Cyber criminals may be making the headlines, but insider fraud artists – many of them senior, trusted staff – remain the biggest crooks. They fly under organizations’ radar for lengthy periods and cost organizations globally roughly $3.7 trillion a year by one estimate, according to 2013 data from the Association of Certified Fraud Examiners (ACFE).

Strides are being made to combat these stealthy insiders. Sophisticated new technologies are detecting abnormal employee behavior patterns in real time – often before actual fraud occurs. These and other advances are critical to combat insider threats because one solution can’t address all the types of fraud. To protect themselves, companies must adopt a layered approach to cybersecurity.

No sector is immune, particularly financial services, information technology, government, commercial facilities, healthcare and public health. And traditional weapons for combatting insider fraud – on their own, surprise audits, internal whistleblowers (who often use an antifraud hotline to report situations) and strengthened background screening – aren’t adequate to catch them all.

To Stop Fraud, Study the Fraudsters

Software producers, law enforcement agencies, and academic researchers and engineers are pioneering new antifraud tools and advanced risk-management controls. At Carnegie Mellon University, for instance, engineers at its Insider Threat Center – part of its Computer Emergency Response Team (CERT) function – methodically analyze real-life insider attacks to identify how insiders pull off their damaging thefts. Its database contains over 1,000 documented cases of insiders using information technology to cause harm.

Combined, all of these insider fraud combatants are identifying a roster of warning signs to help organizations better spot and deal with insider fraud. This list includes the downloading of files or documents that aren’t germane to an employee’s job or, related, the withdrawal of information surreptitiously from file services such as Dropbox and Google Drive. Add to the list requests for data or access for which an employee shouldn’t be seeing, as well as the manipulation of customer information or the out-of-the-ordinary handling of dormant customer accounts.

Using Real-Time Analytics to Detect Fraud Faster

On the behavioral monitoring front, for instance, breakthroughs in analytics are helping identify uncharacteristic employee behaviors by better benchmarking normal activity. In the past, for instance, banks wouldn’t know that an employee searched 17 different customer accounts in 13 days without closing any transactions before fraudulently transferring funds to an illegal account. Real-time behavioral monitoring tools can spot and alert officials to such behavior outside of the ordinary – and it can do this across multiple platforms and applications.

Other red alerts include attempts to breach an employee’s specific access privileges; the sudden or increased frequency of requests or requisitions for data-storage devices; and unusual communication or collaboration between employees that suggest collusion. Be alert to the use of shared computers as well since insiders can load malware on them for stealing or spying on records and other data.

Equipped with these warning signals, organizations can mitigate against them. Already, organizations are constraining remote work outside of normal hours; enhancing monitoring within a time window of a damaging incident; and monitoring to detect insiders using colleagues’ accounts remotely.

In addition, savvy IT operators within organizations are employing threat-deterring technologies that monitor phone activity logs to detect suspicious behaviors. They are checking and controlling privileged accounts; watching external access and data downloads; and protecting critical files from being modified, deleted or disclosed without authorization.

By establishing what’s outside of normal behavior for specific employee roles, organizations – especially banks – can identify the abnormal behavior, issue alerts, and suspend employee access to prevent fraud in real time – before damage is done. They can institute controls that don’t allow a back-office employee to transfer customer funds, a front-office employee to change customer addresses, or collusion between employees.

When employees leave, an organization can disable their accounts and/or connections to prevent fraud, and many banks already are doing this. IT departments also can prevent installation of unauthorized data-removal storage methods and identify all access paths into their information systems. Some are deploying an easy-to-use monitoring system with Google-like search features that handle highly specific behavioral criteria. Such technology that is intuitive can eliminate errors and enable more advanced monitoring.

Organizations now can even institute alerts of suspicious patterns of behavior in real time and receive visual evidence of illegal activity while it occurs. It does this by recording screen-by-screen activity at the application level. This creates a comprehensive data trail that can be used in court.

Fraud by rogue insiders can be difficult to spot. But the advances in sophisticated technology – specifically those that analyze behaviors and determine in real time when abnormalities transcend normal behaviors – prove especially critical. Organizations now can nab insider crooks before they’ve vanished or it’s hard to prove they were responsible.

Matt Carey is vice president of solutions marketing at Bottomline Technologies, a global provider of cloud-based payment, invoice and banking solutions.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 October

This month in Security magazine, we explore how Corning's global security group ensured business continuity and employee safety during the global COVID-19 pandemic. Also, we highlight the global security team at Uber and their recent security programs and initiatives. Industry experts discuss travel safety programs, career hackers, working for terrible bosses, group attribution error and more.

View More Create Account

New Technology Can Help Corral Insider Fraud

Related Articles

Related Events

Report Abusive Comment