5 minute read
·
June 9, 2024

Insider Fraud

Fernando González Paulin
Fernando G. Paulin - CEO
Experto en la generación de valor a partir de datos con experiencia en el uso de inteligencia artificial en el sector financiero para resolver problemas complejos. Especializado en detección de fraude mediante el uso de datos.

Implications, challenges and preventive measures to face the threat of insider fraud.

We well know that organizations face a wide range of risks and challenges, both external and internal. While cyber-attacks and data theft often grab the headlines, there is another equally dangerous but less mentioned threat: insider fraud. In this article, we will explore the concept of insider fraud in organizations in detail and also mention the case of the Lapuss hacker collective as a prominent example of insider fraud. In addition, we will analyze the implications, challenges and preventive measures to deal with this threat.

Insider fraud and its implications

Insider fraud refers to fraudulent activities carried out by individuals who are part of a company, this can occur regardless of the size, industry or sector of the organization and can be committed by employees, contractors or partners, whether employees, contractors or partners. These illicit actions may include theft of assets, embezzlement, manipulation of accounting records, unauthorized access to confidential information, exfiltration of sensitive information or even the sale of remote access. insider fraud often goes unnoticed for long periods of time, which can lead to devastating consequences for organizations, including significant financial loss, reputational damage, and potential litigation.

One of the examples of recent diffusion is the case of the Lapuss criminal group. This group operated with the collaboration of employees of entities that commercialized accesses, compromising information from numerous organizations and carrying out fraudulent activities. Using company employees, Lapuss members gained control of numerous accounts, accessed and exfiltrated confidential information, and is believed to have covertly diverted funds from companies.

During its operation, Lapuss used very direct methods to gain access and credentials from malicious employees. The collective established contacts with individuals willing to sell confidential information, who provided sensitive data, such as passwords and usernames, in exchange for financial compensation. Through this tactic, the group obtained valuable information that allowed them to infiltrate the internal systems of companies.

Lapssus on telegram

Challenges of insider fraud in organizations

All organizations can be susceptible to this type of attack, and in the face of this scenario, the implementation of an in-depth security approach that includes processes, technology, and people becomes vitally important to address these challenges.

Although there are numerous security mechanisms and tools to segregate functions, privileges and access, tools to analyze the behavior of assets within a network or even identify anomalies in the source IPs of remote connections, they are generally detection solutions and reaction.

To address a proactive approach to insider fraud, the life cycle of each collaborator becomes important, that is, from the time they are an applicant, with measures such as background checks, their time in the organization with awareness and control tools, and your off boarding with legal support in confidentiality agreements.

Some of the key actions may be:

  1. Safety culture: Foster an organizational culture that promotes ethics, transparency and responsibility at all levels of the organization. This involves establishing strong values and clearly communicating expectations for behavior.
  2. Internal Policies and Controls: Implement clear policies and procedures that address asset management, authorization of financial transactions, segregation of duties, and access to confidential information. Likewise, it is essential to establish adequate controls to guarantee effective monitoring and response to events that minimize the negative impact.
  3. Training and awareness: Provide regular training to employees on cybersecurity risks such as sharing credentials, warning signs and preventive measures against social engineering, etc. This helps raise awareness and empower employees to report suspicious behavior both internally and externally.
  4. Monitoring and analysis: Use data analysis tools to identify patterns and anomalies that may indicate fraudulent activities, not only at the cybersecurity level, but also contemplate the regular review of accounting records, the comparison of financial data and the implementation of detection systems of frauds.
  5. Complaints and communication channels: Establish safe and confidential mechanisms so that employees can report any suspicion of fraud without fear of reprisals. This may include reporting hotlines, anonymous emails or online reporting platforms.
  6. Implement a consequence management program: Just as you work on culture, you must also establish a framework in which the correct actions are delimited from those that represent a risk to the organization. In this way, and proactively, employees will keep in mind at all times that their actions within the organization's ecosystem have an impact. It is important that said consequence management forms part of a general code of conduct which must be communicated from the start and to which employees must adhere, being duly notified of possible actions by the organization based on their behavior.

Insider fraud analysis is generally left in a gray area between different teams such as human resources/capital, cybersecurity, internal control, reactive auditing, that is, answers are sought once malicious actions have been identified. However, in a reactive way, the analysis of previous experiences, studies and digital presence of an applicant in the processes of selection and management of collaborators can play a fundamental role in mitigating risks and protecting the company against possible insider fraud as well as in the preservation of the reputation and integrity of the organization.

Evaluating the information provided by candidates involves verifying the authenticity of personal information, educational background, employment references, and any other relevant statements. In addition, additional checks can be performed on public and private databases to detect possible indicators of fraudulent behavior, such as criminal records or previous sanctions.

On the other hand, the background verification controls allow obtaining a more complete vision of the profile of the applicants. This involves verifying your employment history, including dates of employment, titles held, and references provided. Likewise, credit investigations can be carried out to assess the financial stability of individuals, which may be relevant in roles that involve handling funds or sensitive financial information.

The importance of these analyzes and controls lies in several key aspects. First of all, they help to avoid hiring people with a fraudulent or unethical record, thus reducing the risk of dishonest behavior in the work environment, especially relevant in positions of high level of responsibility or in roles that involve access to sensitive data.

Prevention and early detection requires a combination of technical measures, solid processes, technology and an organizational culture rooted in integrity and security. What additional security measures do you consider could be effective in preventing and detecting insider fraud in organizations? We would love to hear your ideas and experiences.

More stories and insights

November 21, 2023
5 minutes reading

Debunking Myths: What are the Limits of Machine Learning in Fraud Prevention?

There are many myths about the capability of machine learning models and their functionality in preventing fraud.

Read More
October 20, 2023
5 minutes

The Intricate Link between Interest Rates and Fraud: A Comprehensive Perspective

High fraud rates can lead to high interest rates. Discover how this fascinating relationship unfolds.

Read More
September 22, 2023
4 minutes read

Why are companies looking for new ways to strengthen their KYC?

With the rise of digitalization, is it truly safe to rely solely on the KYC process?

Read More
August 10, 2023
5 minute read

How to Optimize the Onboarding Process in the Digital Age?

Learn how to optimize the onbarding proccess of new client in the digital age

Read More
January 12, 2023
5 minute read

WhatsApp Identity Theft

Find out how fraudsters can steal your account and scam your contacts in Whatsapp.

Read More
November 15, 2023
5 minute read

Why we created Trully?

A quick read about our mission and why we created Trully to help institutions fight fraud.

Read More
February 22, 2022
5 minutes reading time

The risks of fraud during the lifecycle of a digital product

Learn all about the risks of fraud during the life cycle of a digital product.

Read More
March 20, 2023
5 minutes reading time

Digital footprint as a fraud prevention tool

A quick read about the use of the digital footprint as a tool to help us combat fraud.

Read More
April 13, 2023
5 minutes reading time

Account Take Over

Find out how account takeover works and how we can protect ourselves and our company.

Read More
October 26, 2022
5 minute read

Beware of Identity Fraud

Protect yourself from identity theft with the following tips that we tell you how.

Read More
May 4, 2022
5 minute read

The black market for identity data in Mexico

Discover the magnitude of the black market for identity in Mexico and how to protect yourself against identity theft.

Read More
June 9, 2024
5 minute read

Insider Fraud

Implications, challenges and preventive measures to face the threat of insider fraud.

Read More
July 17, 2023
5 minute read

Synthetic Identity

Read more about the emergence of synthetic identity.

Read More