Insider threats have become increasingly significant within the economic landscape, with malicious insider attacks now carrying the highest costs among other threat vectors, averaging USD 4.99 million. In the highly regulated world of financial services, organisations are trusted with highly sensitive personal and financial data, and any threat can lead to detrimental impacts- from financial losses and regulatory fines to damaged reputation.
Insider threats can encompass a range of risks, from corruption and organised crime exploiting insiders to access data to disgruntled employees engaging in fraud or theft. The shift to remote working, accelerated by the global pandemic, has only exacerbated this issue of insider threats, as employees continue to engage in confidential conversations in public or unsecured environments, increasing vulnerability.
A further risk is that of dual-working fraud, where with the increasing use of remote offices and global staffing to resource large organisations, this becomes a valid threat. This growing risk highlights the importance of robust internal security measures.
The growing risk of insider threats
The frequency of insider threats has been increasing in recent years, with filings to the Cifas’ Insider Threat Database (ITD) increasing by 14% in 2023. The main driving factor behind this was dishonest action by employees (49%) as the cost-of-living crisis and inflation contributed to the rise in financially motivated insider threats.
Within this, most of the individuals filed to the ITD had been in their position less than a year (38%) which Cifas has suggested could be an early indicator that employees are more willing to risk dishonest conduct in the early stages of employment.
In addition to the rise in intentional insider threats, the shift to remote working has also increased the likelihood of information being accidentally shared with bad actors as conversations overspill into a space that is not authorised. This was highlighted in the case of Tyler Loudon, who misappropriated material he overheard from his wife-a BP mergers and acquisitions manager- to conduct insider trading.
The continued prevalence of social media has also opened up new routes of attack, as the sheer amount of personal information shared on these platforms enables perpetrators to target and blackmail employees online. If not addressed early and effectively, insider attacks can have a debilitating effect on the confidentiality, integrity and availability of financial data and systems, as those involved have a strong working knowledge of the company’s systems and security practices.
The importance of robust internal security measures
The growing risk of insider threats underscores the critical need for strong internal security measures to mitigate these escalating vulnerabilities. The value of internal controls is clear, with the Cifas 2024 Fraudscape Report revealing a 20% rise in cases detected through these measures.
A rigorous vetting process is often an organisation’s first port of call when it comes to security measures, with checks such as references, identity, criminal, financial, and social media screenings, offering valuable insights. However, vetting alone is insufficient to truly identify insider threats and must be complemented by ongoing monitoring and creating a security-aware culture.
A thorough risk assessment will help identify critical assets, areas and personnel which can form the basis of a governance framework to foster internal collaboration between stakeholders, such as HR, Legal, Cyber and IT to ensure risks are regularly monitored and managed. There are also several anomaly detection tools that help identify abnormal user behaviour, such as someone accessing sensitive files out hours and potential data breaches.
A three-pronged approach
While having internal security measures in place is essential for reacting to potential insider threats, a secure reporting structure and finely tuned intelligence capability are essential to identify threats early on and establish a proactive approach to insider threats.
By leveraging a third-party reporting system, organisations can maintain comprehensive records of internal and external intelligence that can help facilitate early threat detection. Analysing this data can help organisations identify changes in behaviour, access patterns and connections to external events which can facilitate early intervention.
Gathering information from diverse sources, including technology monitoring and external partners can also help security professionals develop a comprehensive intelligence picture that can help them uncover fresh insights beyond their internal data set.
Once intelligence is gathered and it is determined that more than likely than not a fraudulent act has occurred, (the test that many civil and disciplinary cases are determined)- it is important to conclude an investigation and reach an outcome.
Prior to 2015 the UK government did not have a cross system approach to tackle insider threats, and this led to the issue of staff committing fraud or theft and being able to walk back into other roles without any control to stop them.
The UK government introduced a system that is parallel to the ITD led by CIFAS for industry to not only share intelligence but to mandate the completion of all investigations related to staff fraud. The details of those who are dismissed following investigation are then shared with HR and used for pre employment screening. In line with the Rehabilitation of Offenders Act, they also introduced a five year ban on those employees re-entering the Civil Service.
This process demonstrates that without such initiatives, employers of all sectors may unwittingly allow staff to resign or leave a role mid investigation – and then allow that person to move on and commit further harm across that sector.
Remaining proactive
While you can rarely remove the risk of insider threats completely, a proactive approach to insider threat investigations can go a long way in tackling this growing risk.
By adopting a three-pronged approach that combines security measures with a strong reporting system and robust response, you can fortify your organisation’s integrity against both internal and unintentional insider threats.
Laura Eshelby
Laura Eshelby is the Head of Economic Crime at Clue Software, with over 20 years of expertise in counter fraud and economic crime. Prior to joining Clue, Laura spent a decade at the Cabinet Office as part of the UK government, where she served as Deputy Director for Practice, Standards and Capability at the Public Sector Fraud Authority.
