INSIDIOUS INSIDERS ‘Low and slow’ fraud by old-timers deemed most harmful
When it comes to preventing insider
fraud, financial organizations would do well to more closely monitor
experienced, mid-level employees with years on the job, according to a new study
conducted by the CERT Insider Threat Center of Carnegie Mellon University's
Software Engineering Institute in collaboration with the U.S. Secret Service.
The study found that, on average,
insiders are on the job for more than five years before they start committing
fraud and that it takes nearly three years for their employers to detect their
The study, funded by the Department
of Homeland Security Science and Technology Directorate, examined technical and
behavioral patterns from 80 fraud cases that occurred between 2005 and 2012.
The study found that those committing fraud are taking a "low and
slow" approach, escaping detection for long periods of time and costing
targeted organizations an average of $382,000 or more, depending on how long
the crime goes undetected. Managers and accountants cause the most damage from
insider fraud and evade detection longer.
"We also found that nearly 93%
of fraud incidents were carried out by someone who did not hold a technical
position within the organization or have privileged access to organizational
systems," says Randy Trzeciak, technical lead of the Insider Threat
One reason these crimes go undetected may be that technology has played a
minimal role in enabling victim organizations to detect insider fraud activity.
"Many people think that insider crimes can be addressed solely by
technical controls, but the most effective way to prevent and detect insider
crimes is to make it an enterprise-wide effort to master both the technical and
behavioral aspects of the problem," says Trzeciak.
The study highlights the following
findings, which provide insight into how the crimes were committed and the type
of people within organizations who committed them:
· Criminals who executed a "low and
slow" approach caused more damage and escaped detection for a longer
period of time.
· Insiders' methods lacked technical
· Fraud by managers differed substantially from
fraud by nonmanagers in terms of the extent of damage and duration.
· Most incidents did not involve collusion.
· Most incidents were detected through an audit,
customer complaint, or co-worker suspicion.
· Personally identifiable information was a
prominent target of those committing fraud.
"This study was an important
step in analyzing the problem and developing models of how the crime evolves
over time. We look forward to working with organizations in the financial
services sector to develop innovative technical and non-technical solutions to
combat the problem of fraud," says Andrew Moore, lead researcher of the
SEI CERT Insider Threat Center.
[This article was posted on August 6, 2012, on the website of ABA Banking Journal, www.ababj.com.]