Survey: Insider Fraud

Not making internal theft a top security priority can be a costly mistake

On average, organizations experience about one fraud event per week, according to information from the second annual Attachmate Corporation and Ponemon Institute survey, “The Risk of Insider Fraud.” However, only 44 percent of respondents say their organization views insider fraud prevention as a top security priority, a perception that has declined since 2011. This misconception can prove costly: The average cost of a data breach in a 2011 study was $194 per lost or stolen record.

The insider fraud survey includes results from more than 700 individuals at leading global organizations. The survey reveals some alarming data security trends:

  • On average, it takes 87 days to first recognize that insider fraud has occurred and more than three months (105 days) to get at the root cause of the fraud.
  • Seventy-nine percent of respondents say that in their organization a privileged user has or is very likely to alter application controls to access or change sensitive information and then reset the controls.
  • According to 73 percent of respondents, an employee’s malfeasance has caused financial loss and possibly brand damage.
  • Eighty-one percent say they already had an employee use someone else’s credentials to gain elevated rights or to bypass separation-of-duty controls.

“This data demonstrates the invisibility of employee actions across an enterprise,” says Larry Ponemon, chairman and founder of Ponemon Institute. “While organizations may have policies and procedures to thwart insider fraud, it doesn’t mean employees will remain compliant, particularly with the rise of Bring Your Own Device practices.”

Almost half (48 percent) of respondents say that BYOD has resulted in a significant increase in fraud risk, and 77 percent of respondents say the lack of security protocols over edge devices (routers that provide authenticated access to faster, more efficient core networks) presents a significant security challenge and risk.

continue reading »