Payment Security 101
Learn about payment fraud and how to prevent it
Insider threats are on the rise in Australia. An insider threat can be anyone in the organisation, and all it can take to cause business disruption is access to sensitive information.
There are several types of insider threats. It’s important to be aware of the different types of threats an organisation can face internally and externally. In these insider threat statistics, we highlight the potential threats an organisation can face.
Anyone can be an insider threat in an organisation. There are several types including the malicious insider, the careless employee, or an external perpetrator. Organisations must implement strong information security practices that document user roles and account privileges to minimise the risk of fraud.
Insider threats have become rampant in the last couple of years. With remote work and hybrid positions, data breaches are becoming easier to attempt from home because of lower supervision.
Inadvertent insider threats, also known as negligent or careless employees, are risks that organisations must monitor. These employees pose a significant risk because they can unknowingly breach corporate security policies or carelessly disclose sensitive data.
One way a disgruntled employee could cause a data breach through negligent behaviour is by accidentally clicking on malicious links or downloading malware onto their devices. This can disclose confidential information to an impostor or scammer.
The “goof” can be defined as an ignorant or arrogant user who believes they are exempt from security policies. Typically they try to access sensitive data without requesting permission. They may abuse their access, for example by altering data or obfuscating network activity.
Human error is a major risk in work performance. Scammers who target organisations can manipulate employees into providing confidential information. One strategy a scammer may use is luring a careless employee into providing confidential details through phishing techniques.
Insider threat incidents can cost organisations millions of dollars annually. Other than employees, an insider attack can come from ex-employees, contractors, vendors, business partners or an employee who is working with a supplier. Internal fraudulent activity can be difficult to detect and prevent in the workplace.
One form of insider fraud is invoice falsification. An employee can commit fraud with a supplier by submitting duplicated or falsified invoices. Usually, these actions are motivated by financial gain.
The Cost of Insider Threats Global Report found that insider threat incidents occurred 44% more frequently in 2022 than in the previous year. Large organisations are likely to suffer a greater loss from internal fraud than SMEs.
The finance and insurance industries are the most targeted by internal and external threats. Scammers and insider threats understand that certain individuals have access to large amounts of money and sensitive information. The frequency of attacks is rising each year.
When it comes to protecting your intellectual property and networks from insider threats, there are several recommended best practices you can follow to minimise the risk of fraud. For example, implementing data protection controls is valuable for organisations that are looking to control access to sensitive information and account privileges.
One way an employee can misuse sensitive data is by sending attachments of financial records to the wrong recipient. To combat this, organisations can implement verification tools to make sure the data being sent goes to the correct individual.
One way a malicious insider can steal privileged user credentials is through password cracking. This requires the employee to “guess” passwords to the systems and accounts they are trying to infiltrate. They often use phishing techniques to draw information out of individuals during conversations.
Malicious employees are not the only type of threat when it comes to internal fraud. Essentially, anyone who has access to sensitive information can be a potential threat to an organisation. You must make cybersecurity a priority in the workplace to protect your business.
Upon an employee’s resignation, managers can fail to closely monitor the exit procedure. Employees may still have access to the organisation’s network or be able to access important files from work or personal devices. Accounts and permissions must be deactivated once an employee has departed.
External data breach actors include third-party suppliers, vendors, contractors or ex-employees. Verizon further points out that most cyber-espionage attacks begin with a successful phishing campaign. The more control you have over your data, the better you can manage risk.
A work from home study by IBM and Morning Consult suggests that remote workers are more likely to use personal devices and unverified tools to carry out their job. Beyond unsecured devices, organisations face several other threats, such as unsecured Wi-Fi networks, transferring work files and poor security hygiene practices.
According to Proofpoint’s Voice of the CISO 2022 report:
Insider threat incidents are driven by motivations such as revenge, ego, coercion, ideology, espionage or financial gain. Methods of attack include stealing intellectual property, installing malware, hacking network systems or bypassing security.
It’s no surprise that malicious insiders are motivated by financial gain. In addition, Tessian states that their survey data shows that 45% of employees download, save, send or otherwise exfiltrate work-related documents. Whether employees are saving work for personal reasons or conducting fraudulent activity, you must monitor all data being transferred out of the organisation to reduce insider threats.
Some malicious insider threat indicators include accessing unusual resources that are not part of the person’s job function, accessing files or logging onto the organisation’s network at unusual times, and using external devices to transfer data.
Stopping malicious employees is a challenge for all organisations. However, applying a set of security solutions and preventive controls can minimise the risk. The four key components of mitigating the risk are detection, prevention, response and recovery.
Some organisations are well equipped against dangers like spear-phishing and impersonation attacks. However, administrators have less experience in combating ransomware attacks.
Other than stolen or compromised credentials, misconfigured cloud servers are another cause of malicious data breaches. This occurs when resources have not been configured properly, leaving systems vulnerable.
Organisations that use cloud-based accounting software or application programming interfaces (APIs) can face a high risk. This software can leave organisations vulnerable to insider attacks via cloud misconfigurations. The severity of a data breach is high because of the sensitive information an application can store, such as user credentials, email addresses and other confidential data.
Careless insider threats, also known as the “pawn”, pose a security risk because of human error, poor judgement and decisions, or unintentional aiding. The employee involved may inadvertently expose the organisation’s network.
Skill-based mistakes are a form of human error where a worker performs the wrong action because of a slip or lapse. Another form of human error is a decision-based error. Human error plays a major part in cyber security breaches, and managers and team leaders should look to address these situations.
South Africa, the United Kingdom and Brazil were next on the list with the highest percentage of data breaches caused by human error, according to the IBM report. Breaking the data down by industry, the entertainment, public sector and consumer industries also had the highest percentage of data breaches from human error.
When it comes to reducing human error, CFOs should consider the following strategies:
Managers must consider privacy and password protection on mobile devices when sharing company data. External perpetrators are always adapting to new scam tactics that involve mobile devices, for example phishing text messages or spoofed emails.
To ensure the safety of the business, communication and transparency are key when discussing or addressing security incidents. Hiding an incident may lead to dramatic consequences. These cyber security breaches can cause further harm if not communicated to the right personnel.
Bill Blake, president and chief commercial officer at Fasoo, comments on the cybersecurity matter: “data security strategies will evolve into a more comprehensive framework that includes discovering, classifying, protecting and monitoring any form of confidential data regardless of its location”. Control over who handles your data and where it is located should be documented in all organisational security policies.
One action managers can take to protect their business is implementing multi-factor authentication (MFA). With MFA, a password that a scammer knows or cracks is not enough on its own to gain access. The authentication method involves 2 or more security barriers, such as a PIN, Face ID/fingerprint verification or an email notification.
One way to secure sensitive data in mobile applications is by encrypting the app data, also known as ‘Application Layer Encryption’. With this approach, data is encrypted across multiple layers (disk, file and database). Sensitive data can be secured before it is stored, whether on local storage or in cloud environments.
An insider threat can be anyone in the organisation, and it can also involve external perpetrators. It can include employees, executives, business partners, vendors, suppliers and ex-employees.
There are 3 main types of insider threats:
Some behavioural and digital indicators of insider threats include regularly working out-of-office hours, disorganised record keeping, requesting sensitive data that is not relevant to their job function, transferring intellectual property to personal devices, or consistently violating organisational policies.
There are many reasons why an insider can commit such offences. Their motivations vary, including revenge, ideology, ego, coercion, financial gain or personal reasons. Data loss prevention and threat management procedures are critical for organisations to mitigate these risks.
Eftsure provides continuous control monitoring to protect your EFT payments. Our multi-factor verification approach protects your organisation from financial loss due to cybercrime, fraud and error.
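As an added example that is not part of the original article, the following Python script applies the indicators described above (off-hours access, resources outside a user's job function, and transfers to external devices) to a few constructed access-log records; the role mapping, log format, thresholds and sample records are assumptions for illustration, not any particular product's logic.

```python
# Added example (not from the original page): a small insider-threat indicator
# checker run over constructed access-log records. It flags the signals the
# article lists: off-hours access, access to resources outside the user's job
# function, and transfers to external or removable destinations. The roles,
# log format, thresholds and sample records are all assumptions.
from datetime import datetime

ROLE_RESOURCES = {  # assumed mapping of job function to resources it should touch
    "accounts_payable": {"erp_invoices", "supplier_master"},
    "marketing": {"crm", "brand_assets"},
}
USER_ROLE = {"alice": "accounts_payable", "bob": "marketing"}
BUSINESS_HOURS = range(8, 19)  # 08:00-18:59 counts as normal working hours
TRANSFER_THRESHOLD_MB = 100
EXTERNAL_DESTS = {"usb", "personal_email", "personal_cloud"}

# Constructed sample log; fields: timestamp|user|action|resource|destination|size_mb
SAMPLE_LOG = """\
2023-03-01T10:15:00|alice|read|erp_invoices|-|0
2023-03-01T23:40:00|alice|read|erp_invoices|-|0
2023-03-02T11:05:00|bob|read|supplier_master|-|0
2023-03-02T12:30:00|bob|copy|brand_assets|usb|450
2023-03-02T14:00:00|alice|copy|erp_invoices|shared_drive|20
"""

def parse_line(line):
    ts, user, action, resource, dest, size = line.split("|")
    return {"ts": datetime.fromisoformat(ts), "user": user, "action": action,
            "resource": resource, "dest": dest, "size_mb": float(size)}

def indicators(rec):
    """Return the insider-threat indicators a single record triggers."""
    hits = []
    if rec["ts"].hour not in BUSINESS_HOURS:
        hits.append("off_hours_access")
    allowed = ROLE_RESOURCES.get(USER_ROLE.get(rec["user"]), set())
    if rec["resource"] not in allowed:
        hits.append("resource_outside_role")
    if rec["dest"] in EXTERNAL_DESTS or rec["size_mb"] > TRANSFER_THRESHOLD_MB:
        hits.append("external_or_bulk_transfer")
    return hits

def scan(log_text):
    """Group indicators by user so security staff can review flagged accounts."""
    alerts = {}
    for line in log_text.strip().splitlines():
        rec = parse_line(line)
        for hit in indicators(rec):
            alerts.setdefault(rec["user"], set()).add(hit)
    return alerts
```

Calling `scan(SAMPLE_LOG)` flags alice only for the 23:40 login and bob for both reading a finance resource outside the marketing role and copying 450 MB to USB; a real deployment would replace the constants with the organisation's own role and working-hour data.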