Detecting Insider Threats – Easy in theory, hard in practice

The newspapers are full of coverage about the amazing case of Jerome Kerviel, the rogue trader at Societe Generale, alleged to have gambled $73 billion and cost the bank $7 billion. It’s a staggering loss, yet it’s a classic risk faced by all big banks. In fact some have suggested that there is no defence against this type of insider threat. Can that really be the case?

Yes and no. In theory it should have been easy. This was a man, like Nick Leeson, with knowledge of back office systems and their checks and controls. That is a clear risk. It’s claimed he didn’t take holidays and refused to allow colleagues to cover his desk. These are classic signs associated with insider fraud that should ring alarm bells.

Why was he not uncovered earlier? Because it’s not that easy in practice to challenge company staff. Most people don’t expect fraud. It’s outside their experience. They’re trusting and they respect other peoples’ privacy. It’s not nice to point suspicious fingers at colleagues. Managers defend their staff. And their initial reaction to a suspected fraud is to disbelieve accusations. It’s human nature. That’s why insider threats are hard to detect.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close