Insider fraud spikes as cyber espionage spreads

There can be no doubt that the recession is intensifying threats to the information security of corporate organisations. The insider threat is increasing, and so, too, is the threat from cyber spies.

Nearly 60% of employees who lost or left their jobs last year departed with digital devices chock full of confidential data, according to a survey that figures in one of our reports.

April is security month for many IT professionals. In London, Infosecurity Europe takes place from 28-30 April. In San Francisco, the RSA Conference runs the previous week. Both events will be awash, as ever, with self-serving supplier hype about threat levels; unfortunately, the hype is close to the reality.

Take the insider threat. Employee fraud across all UK organisations grew by six times in 2008 compared with 2007, according to KPMG. And it made up more than a quarter of the £1.19bn of UK fraud. Figures for 2009, it can be confidently asserted, will be higher still.

The good news is that a raft of ingenious anti-fraud technologies can help combat this fraudulent trend: from data analytics — whether requiring systems integration or not — through endpoint management, to a new breed of authentication, tracing every actor in an organisation’s business processes.

Impressive, yes. But, as ever – though this is close to a cliché – people are the weakest link, and never more so than when they are either losing their jobs or being left behind to work ever harder in an increasingly stressful economic context. The challenges here are the management ones of prioritising the sequence of employee deactivation activities, monitoring those in the “departure lounge”, and making necessary compromises in terms of what you can let people get away with.

The increased strain caused by this intensified internal threat is bound to make organisations more vulnerable externally at a time when Chinese state-sponsored espionage continues to mount.

Security expert Ross Anderson, speaking to us this week about what the G20 leaders need to do to haul the world economy out of recession, says that “they should be … agreeing the future architecture of the world financial system – in other words, what the interfaces are and (thereby) which regulator will be responsible for what”.

Similarly, containing and controlling internal and external threats is less about individual parries and more about fixing the interfaces. As an example, this issue’s article on fraud demonstrates that the future of fraud prevention must include an element of information sharing across industries and countries. It is, as always, a matter of culture and systems, not of technology, or individual organisations, in isolation.