Two more stories in the news that highlight insider risks. The first involves an employee of American loan firm Countrywide selling sensitive customer data to a third party (see here) , the second an insider bank fraud at JPMorgan (see here).
Both cases appear to be instances of “privileged abuse” where the people in question already had authorised access to the data that they stole and sold (in the first instance) or simply used to commit fraud (in the second).
Where there is a combination of trust and access, as I stated only a couple of days ago on this blog, this can provide the corrupt employee with the opportunity to commit fraud. Most tellingly is this article from KPMG where it states that during 2007 management inflicted significantly more damage on their companies with their frauds totalling £54m, double the £27m that employees perpetrated.
According to the Kroll Global Fraud Report, during the past 3 years, 4 out of 5 firms have suffered from some form of corporate fraud. If you haven’t already done so then It’s time to start elevating the importance of this issue on your risk models and thinking about controls.