Insider fraud is an often overlooked threat to an organization that is instead looking outward to protect its money and data. According to research released by Haystax, nearly half of survey respondents — the 508 members of LinkedIn’s Information Security Community — said they aren’t even sure if they had experienced an insider attack in the last year. Further, 74 percent said they feel vulnerable to insider threats — a 7 percent increase over last year’s survey, the company noted.
“Ask any cybersecurity specialist to name the biggest security threat to an organization, and they’ll tell you it’s people,” said Haystax Technology CEO Bryan Ware in a statement.
Most of the survey respondents said that insider attacks have become more frequent in the past year, with most citing insufficient data security strategies and a growing number of devices used by employees with access to sensitive corporate data as key facilitators of inside threats.
It may come as no surprise that employees with access to sensitive corporate data are often the culprits behind insider hacks. But a new report from Strategic Treasurer points to one professional in the enterprise that corporates may least expect: the treasurer.
In recent years, analysts have pointed to the rise in the strategic treasurer — a professional not only tasked with guiding the firm’s financial decisions, but today also tasked with helping to steer its strategic moves as a whole.
But, especially for smaller companies, said Strategic Treasurer, businesses should be wary of this trend.
“For smaller organizations, too much power given to the treasurer or financial officer, who in some cases is the sole employee responsible for making payments, can easily result in exploitation,” the company wrote in its latest report, Insider Fraud – More Prevalent Than You Think.
According to Strategic Treasurer, the issue has been especially hurtful to charities and small public offices, with treasurers embezzling funds and forging documents.
“Often,” the report warned, “it is because no other employees have the knowledge or financial prowess to recognize the signs of fraud that allows perpetrators to avoid discovery.”
Dual Controls
Whether it’s the treasurer, the CFO or an employee, businesses must take steps to protect themselves, the report said.
Dual controls enable the power structure to be broken up, meaning if a corporate treasurer or another professional wants to initiate a payment, another employee must approve it. It’s a “simple tactic,” Strategic Treasurer admitted, but one that works. Reconciliation practices that are heavily reliant on manual processes and paper can also provide multiple entry points for a rogue employee, analysts warned.
Inadequate bank account management systems, too, can make it easier for employees — including CFOs and treasurers — to go rogue, especially if an employee leaves a company yet still has access to that system and is able to use their credentials to imitate transactions. Even if employees don’t have these credentials, easy access to passwords can quickly result in fraud, Strategic Treasurer noted.
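The dual-control rule and the departed-employee access problem described above can both be checked against a payment audit log. The following is an added example, not taken from the Strategic Treasurer report; the record fields, user names and dates are constructed assumptions.

```python
from datetime import date

# Constructed sample records (hypothetical field names, users and dates).
PAYMENTS = [
    {"id": "P-1001", "initiator": "treasurer", "approver": "controller", "date": date(2024, 3, 4)},
    {"id": "P-1002", "initiator": "treasurer", "approver": "Treasurer ", "date": date(2024, 3, 5)},
    {"id": "P-1003", "initiator": "clerk", "approver": None, "date": date(2024, 3, 6)},
    {"id": "P-1004", "initiator": "ex_cfo", "approver": "controller", "date": date(2024, 3, 9)},
    {"id": "P-1005", "initiator": "clerk", "approver": "ex_cfo", "date": date(2024, 3, 10)},
]
# Constructed HR data: user -> last day of employment (keys lowercase).
DEPARTED = {"ex_cfo": date(2024, 2, 29)}


def audit_payments(payments, departed):
    """Return {payment_id: [finding, ...]} for payments that break dual
    control or that used the credentials of someone who had already left."""
    findings = {}
    for p in payments:
        issues = []
        # Normalize names so "Treasurer " cannot pass as a second person.
        initiator = (p["initiator"] or "").strip().lower()
        approver = (p["approver"] or "").strip().lower()

        if not approver:
            issues.append("no_approver")        # payment released by one person
        elif approver == initiator:
            issues.append("self_approved")      # same person on both sides

        # Credentials still active after the owner's last day of employment.
        for role, user in (("initiator", initiator), ("approver", approver)):
            left = departed.get(user)
            if left is not None and p["date"] > left:
                issues.append(f"{role}_departed")

        if issues:
            findings[p["id"]] = issues
    return findings


if __name__ == "__main__":
    for payment_id, issues in audit_payments(PAYMENTS, DEPARTED).items():
        print(payment_id, ", ".join(issues))
```

Running the same check during reconciliation, rather than only at payment time, also catches approvals that were recorded outside the payment system.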
Key to combating insider fraud is recognizing that it happens.
Often, according to research, the fraud may be the result of a mistake. According to recent data from Forcepoint, 30 percent of survey respondents said they are unsure if their organizations are vulnerable to an insider threat. More than a quarter said they did not know that sharing work credentials could pose a threat, while 11 percent said they had sent data to third parties.
Perhaps most concerningly, according to Forcepoint, more than a third of employees said they had never received data protection training. A lack of information and understanding of how to combat insider threats means a business has no chance when an employee — even a trusted treasurer — goes rogue.