Firms act to combat the threat of insider data breaches

DataIQ News

Businesses are waking up to the potential threat posed by their own staff in carrying out malicious data breaches, with nearly two thirds (63%) of firms now believing that disgruntled employees are a significant threat, up from 41% in 2017.

That is according to Callcredit's 2018 annual fraud report, entitled  Building a Fraud Fortress, which examines how businesses can protect themselves, their customers and their staff, and finds that fraud leaders are betting on a mix of employee and customer education, alongside advanced technology solutions, to counter the growing threat.

Perhaps the most notorious insider attack was carried out in 2014 by Morrisons’ senior internal auditor Andrew Skelton, who leaked the payroll data of nearly 100,000 employees, including names, addresses, bank account details and salaries, after being accused of using the internal post-room to sell legal highs.

It transpired that he was simply sending receiving and posting goods he had bought and sold on eBay. But by then the damage was done. He was found guilty and was jailed for eight years in 2015.

A High Court ruling on the amount of compensation Morrisons must pay current and former staff over the breach has yet to be published.

However, according to the Callcredit report, an insider attack is just one of the many possible avenues. There is also the risk of employees being exploited and customers being scammed, as well as cyber attacks and data breaches. The threats experienced most frequently are against authentication systems (45%), web-based services (43%), and phishing (42%) - demonstrating the breadth of technological and human-based methods that fraudsters are adopting.

The question for businesses is how to fight back and Callcredit's research illustrates the importance of education, as well as the technology-based solutions which 57% regard as being key to fraud protection.

Nearly half (49%) are already including some specific anti-fraud education as part of all employees' induction and many have plans to develop training programmes further. Some 43% of managers aspire to implement live exercises to test how staff respond, and 42% see employee drills having a role in combating fraud.

When it comes to technology, 45% of those surveyed are currently using surveillance and 42% are using URL tracking as preventative measures, while nearly half (45%) are looking to deploy artificial intelligence as a preventative tool in the next two years.

Callcredit managing director of fraud and ID John Cannon said: "Education and training undoubtedly play an essential role when it comes to preventing fraud so it's encouraging to see from the research that this is already firmly embedded with nearly half of UK businesses. However, it's important to adapt and evolve training to keep up with the fraudsters - it can't simply be a tick-box approach. Live exercises and employee drills are a good idea as it's important to simulate realistic situations.

"But education is only one piece of the puzzle and businesses should be thinking about the other tools available that can be used to help better protect themselves against fraud. It was interesting to note some of the technologies fraud leaders are looking to use in the next year - ID verification (90%), machine learning (37%) and biometric screening techniques (37%) - as this reaffirms the importance of the balance between more traditional techniques and emerging tools.  While businesses need to keep up with the latest developments, these should be enhancing existing verification techniques."