Economic downturn raises risk of security breaches, insider fraud

Fraud advisor Danny McLaughlin warns that the threat of insider fraud and security breaches will increase as economic times get tougher.

The threat of insider fraud and security breaches will grow as economic times get harder, an expert has warned.

Danny McLaughlin, a fraud advisor at KPMG LLP, said that greater pressure to perform, plus the prospect of job loss, could persuade some employees to cut corners in order to meet targets, or take revenge on companies they feel have treated them badly.

Speaking at the CSO Interchange in London, McLaughlin reminded the audience of security professionals that it was easy for certain controls to be eroded. For instance, with staff being made redundant, remaining employees may be asked to take on new roles, thereby losing the necessary segregation of duties and creating an opportunity for fraud.

But it would be wrong to pin all the blame on staff. As McLaughlin said, around 60% of fraud is carried out by board members and senior management. This creates a greater need for strong corporate governance and tight controls, even for authorised users.

"It is easy for staff to get the message that they must perform at any cost," he said. "It is important to see how those messages may be received."

Staff may be under financial or family pressures, which may lead them to commit fraud, and they will find all kinds of reasons to justify their actions. McLaughlin said the excuses he encountered included "I don't get paid enough," "it's a victimless crime," "everyone else is doing it," "who cares?" and "rules are made to be broken."

The key is to build an awareness of the danger throughout the business, he said, and ensure everyone knows what is and is not allowed. Strong corporate governance should ensure that even senior managers are properly scrutinised, while a whistleblowing hotline will provide people with a way of reporting any inappropriate behaviour.

McLaughlin also said companies should make better use of data analytical techniques to spot anomalous transactions.

Read more on Identity and access management products