Data shows increased need for an enterprise fraud management solution

Information from a new Survey on the Risk of Insider Fraud by Attachmate Corp. and the  Ponemon Institute shows that more organizations need to turn a scrutinizing eye toward their own risk.

The survey encompassed more than 700 organizations and revealed some alarming data security trends:

•    More than 75% of the respondents indicated that privileged users within their own institutions had or were likely to turn off or alter application controls to change sensitive information—and then reset the controls to cover their tracks.

•    Eighty-one percent replied that individuals at their institutions either had used or were likely to use someone else’s credentials to gain elevated rights or bypass separation of duty controls.

•    On average, respondents noted that their organizations experienced more than one incident of employee-related fraud per week—about 53 in a year’s time. Twenty-four percent of respondents indicated that their organizations experienced more than 100 incidents in the past 12 months.

•    Once an incident has occurred, it takes organizations an average of 89 days to discover it and an additional 96 days to uncover the root cause and determine the consequences to the organization.

•    A majority of respondents—62%—were unable or unsure of their ability to assess the financial impact and true costs of fraud.

•    Approximately two-thirds of internal fraud investigations do not result in actionable evidence against the perpetrators, meaning a majority of the incidents go unpunished and leave organizations vulnerable to additional incidents.

“This data demonstrates that employee actions across an enterprise are not visible,” says Larry Ponemon, chairman and founder of the Ponemon Institute. “While organizations may have policies in place that are meant to curtail insider fraud, what’s on paper doesn’t necessarily lead to compliance.”

In fact, 52% of respondents noted that they do not believe they have the appropriate technologies to prevent or quickly detect insider fraud, including employees’ misuse of IT resources. Traditionally, IT departments review log files to analyze employee activity. However, 78% of respondents believe the manual review of log files is an inadequate method for observing questionable or suspicious employee access and computing activities.

“In a recent incident at a prominent financial institution, part of the issue with insider trading came down to the fact that the trader was straddling more than one surveillance team. The log files from each surveillance team did not see activity in other compliance units,” says Christine Meyers, director of Attachmate’s enterprise fraud management solutions. “Next-generation enterprise fraud management solutions, such as Attachmate Luminet, are able to correlate cross-channel activity, score risk, and provide a screen-by-screen replay of what actually occurred.”

According to the research findings, another reason insider fraud is so prevalent may be due to the fact that it does not register on a list of organizational priorities for many CEOs and C-level executives. Only 16% of survey respondents indicated that CEOs and other C-level executives recognized the risks of insider fraud as very significant. Organizations face significant consequences from internal incidents, such as financial implications, reputation damage, and/or theft of sensitive or confidential information. Yet, insider fraud remains a high risk for organizations, mostly because they fail to implement sufficient resources to prevent or quickly detect insider fraud.

“By highlighting this data, we hope to encourage organizations to realize they are not immune,” says Meyers. “Insider threat is a real and growing risk. It is the kind of threat that gets worse the longer you fail to take action. Institutions are increasingly being held accountable for failing to address this critical issue. Wringing our collective hands and claiming ‘nothing can be done’ is to concede defeat. Organizations with leadership and vision are taking a stand and seeking solutions today before they become tomorrow’s headline.”


http://www.attachmate.com/Press/PressReleases/sep-22-2011.htm