Insider threat

New study probes insider threat in financial services sector

Published 1 August 2012

New study found that those committing insider fraud are taking a “low and slow” approach, escaping detection for long periods of time and costing targeted organizations an average of $382,000 or more, depending on how long the crime goes undetected; managers and accountants cause the most damage from insider fraud and evade detection longer

When it comes to preventing insider fraud, financial organizations would do well to more closely monitor experienced, mid-level employees with years on the job, according to a new study conducted by the CERT Insider Threat Center of Carnegie Mellon University’s Software Engineering Institute (SEI) in collaboration with the U.S. Secret Service (USSS). The study found that, on average, insiders are on the job for more than five years before they start committing fraud and that it takes nearly three years for their employers to detect their crimes.

A Carnegie Mellon University release reports that The Illicit Cyber Activity Involving Fraud in the U.S. Financial Services Sector study, funded by DHS Science and Technology Directorate (S&T), examined technical and behavioral patterns from eighty fraud cases that occurred between 2005 and 2012. The study found that those committing fraud are taking a “low and slow” approach, escaping detection for long periods of time and costing targeted organizations an average of $382,000 or more, depending on how long the crime goes undetected. Managers and accountants cause the most damage from insider fraud and evade detection longer.

“We also found that nearly 93 percent of fraud incidents were carried out by someone who did not hold a technical position within the organization or have privileged access to organizational systems,” said Randy Trzeciak, technical lead of the Insider Threat Research Team.

A reason that these crimes are going undetected may be linked to the fact that technology has played a minimal role in enabling victim organizations to detect insider fraud activity. “Many people think that insider crimes can be addressed solely by technical controls, but the most effective way to prevent and detect insider crimes is to make it an enterprise-wide effort to master both the technical and behavioral aspects of the problem,” said Trzeciak.

The study highlights the following findings, which provide insight into how the crimes were committed and the type of people within organizations who committed them:

  • Criminals who executed a “low and slow” approach caused more damage and escaped detection for a longer period of time
  • Insiders’ methods lacked technical sophistication
  • Fraud by managers differed substantially from fraud by non-managers in terms of the extent of damage and duration
  • Most incidents did not involve collusion
  • Most incidents were detected through an audit, customer complaint, or co-worker suspicion
  • Personally identifiable information (PII) was a prominent target of those committing fraud.

The release notes that the CERT Insider Threat research team and the USSS will be presenting the findings from this study and strategies for prevention, detection, and response to insider fraud crimes at several upcoming Electronic Crimes Task Force (ECTF) meetings. These meetings are open to ECTF partners from public and private sector organizations as well as law enforcement. The following ECTF meetings will be held:

  • NY/NJ ECTF Quarterly 1 August 2012
  • DC ECTF Quarterly 10 August 2012
  • Los Angeles ECTF Quarterly 17 August 2012
  • Chicago ECTF Quarterly 8 November 2012
  • Dallas ECTF Quarterly 14 November 2012
  • Miami ECTF Quarterly 6 December 2012

“This study was an important step in analyzing the problem and developing models of how the crime evolves over time. We look forward to working with organizations in the financial services sector to develop innovative technical and non-technical solutions to combat the problem of fraud,” stated Andrew Moore, lead researcher of the SEI CERT Insider Threat Center.

— Read more in The Illicit Cyber Activity Involving Fraud in the U.S. Financial Services Sector