Economic downturn raises risk of security breaches, insider fraud

By Ron Condon, U.K. Bureau Chief 05 Dec 2008 | SearchSecurity.co.uk

Security UK News Digg This!     StumbleUpon     Del.icio.us

Danny McLaughlin, a fraud advisor at KPMG LLP, said that greater pressure to perform, plus the prospect of job loss, could persuade some employees to cut corners in order to meet targets, or take revenge on companies they feel have treated them badly.

Speaking at the CSO Interchange in London, McLaughlin reminded the audience of security professionals that it was easy for certain controls to be eroded. For instance, with staff being made redundant, remaining employees may be asked to take on new roles, thereby losing the necessary segregation of duties and creating an opportunity for fraud.

But it would be wrong to pin all the blame on staff. As McLaughlin said, around 60% of fraud is carried out by board members and senior management. This creates a greater need for strong corporate governance and tight controls, even for authorised users.

"It is easy for staff to get the message that they must perform at any cost," he said. "It is important to see how those messages may be received."

Staff may be under financial or family pressures, which may lead them to commit fraud, and they will find all kinds of reasons to justify their actions. McLaughlin said the excuses he encountered included "I don't get paid enough," "it's a victimless crime," "everyone else is doing it," "who cares?" and "rules are made to be broken."

The key is to build an awareness of the danger throughout the business, he said, and ensure everyone knows what is and is not allowed. Strong corporate governance should ensure that even senior managers are properly scrutinised, while a whistleblowing hotline will provide people with a way of reporting any inappropriate behaviour.

McLaughlin also said companies should make better use of data analytical techniques to spot anomalous transactions.

Tags: IT Security Frameworks and Standards,  Secure User Authentication and Authorization,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT IT Security Frameworks and Standards PCI compliance UK: The future of European merchant PCI compliance ISO 27001 SoA: Creating an information security policy document Panel advocates need for cloud computing data security standard Exclusive PCI DSS news: EU regional director rallies UK merchants Jericho Forum: Self-assessment guide How to develop a culture of security in the enterprise ICO issues draft guidelines for personal information online Using ICO privacy impact assessment template for DPA compliance How to write an information security policy The elements of a compliance-oriented architecture Secure User Authentication and Authorization Trojan virus attack using hijacked Web browser sessions hits UK banks Single sign-on technology for health care helps medics roam securely Two-factor authentication service launched for emergencies SMS two-factor authentication for electronic identity verification How to configure IIS authorization and manager permissions Preventing password fatigue with single sign-on (SSO) authentication Gridsure finds global deal for its pattern-based authentication Physical security threats: Don't gift your data away Using unique device identification for bank website security Yahoo login credentials at risk to hijacking attack

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Financial Services Authority  (SearchSecurityUK.com) IISP (Institute of Information Security Professionals)  (SearchSecurityUK.com) ISO 27001  (SearchSecurityUK.com) Jericho Forum  (SearchSecurityUK.com) UK Identity Cards Act  (SearchSecurityUK.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary