Malicious insiders the fastest growing threat to cyber security, warns report
Staff - like Edward Snowden, perhaps - an ever-increasing security risk for all organisations, warns consultants EY
The risk of a data breach, or losing data as a result of an insider threat by a malicious employee, represents the fastest growing risk to UK companies, consultancy EY - formerly Ernst & Young - has warned.
According to EY's 2016 Global Forensic Data Analytics Survey, Shifting into high gear: mitigating risks and demonstrating returns, it's insider threats that pose the biggest risk to organisations becoming a victim of fraud, corruption or data loss.
Perhaps the most high-profile example of the impact an insider can have is Edward Snowden, who leaked thousands of confidential files from the US National Security Agency (NSA), where he worked as a contractor.
While working at the NSA, Snowden persuaded colleagues to give him their login details and passwords, which he later used to gain access to classified information that he later leaked to the media.
A total of 83 per cent of respondents told EY that they felt that cyber breaches and insider threats posed the fastest growing fraud risk. Meanwhile, 65 per cent said that fraud, such as false expenses claimed, was also a significant risk. Just under 70 per cent of those surveyed also thought that UK businesses need to do more to combat fraud.
"UK companies are facing both old and new challenges in fraud prevention," said Paul Walker, EY's UK head of forensic technology and discovery services.
"It is interesting to see that the more ‘low tech' forms of fraud, such as submitting false receipts, still pose a big concern for many companies, as well as the evolving threat of cyber crime, which is now an everyday reality and a relentless challenge in order to stay ahead of the hackers," he continued.
Walker said that increased concerns about cyber fraud and insider threats are forcing organisations to turn to more advanced methods to detect suspicious or damaging behaviour.
"We are therefore seeing more boards and senior management looking towards advanced technology, such as forensic data analytics, as a critical component of their risk management and compliance programmes," he said.
"This is especially critical given the current regulatory enforcement environment and market reaction to instances of alleged corporate fraud, bribery and cyber breaches," Walker added.
According to the report, organisations are increasingly using advanced forensic data analytics (FDA) in a bid to fight off ever more sophisticated cyber threats. EY claims the use of these visualisation tools has doubled over the past two years as data mining techniques are used to detect fraud.
"Given the level of pressure organisations are facing on fraud prevention, it is no surprise that businesses are taking a more sophisticated approach. Surveillance monitoring programmes that use FDA can help organisations to strengthen their compliance programmes, and bolster the confidence of regulators and other stakeholders," said Walker.
However, despite big steps being made by organisations, governments and regulators to protect against cyber threats of all kinds, Walker warned that "the fight isn't even nearly over".
He concluded: "There is, of course, always more to be done. A focus on proactive monitoring as well as continued investment in new technology will ensure UK businesses continue to lead the way in addressing fraud and corruption risks."