Taxonomy of Inside Threats - Connecting IT Companies

Jul 22, 2008

After fortifying their networks’ perimeters against the external threats from mysterious computer hackers, enterprises are now focusing their attention on eliminating the recognized inside threats of systems- based fraud, misuse, and errors with better application security measures.

Every organization faces the risk of technically capable, application-facing employees and insiders who exercise their knowledge of system rules and procedures to "game" systems to commit fraud. Even ethical employees can violate application security policies to work around inefficiencies within a system but unwittingly reveal opportunities for damaging errors, misuse, and abuse.

“Though little discussed, the ‘inside threat’ causes the greatest real losses in corporations and governments today. Detecting inappropriate application activity committed by authorized users represents the ‘next frontier’ in information security,” said Matthew Kovar, Yankee Group.

This white paper outlines specific threats of systems- based fraud, misuse, and errors in an effort to educate CFOs, audit executives, and information security professionals about the inside risks and threats that their organizations must defend themselves against.

Fraud
The reliance upon automated financial systems and the IT revolution that links business processes across multiple data systems only increase this risk created by “White Collar Hackers.” Fraud and white collar hacks collectively drain 6 percent of an organization’s annual revenue, according to reports from the Association of Certified Fraud Examiners (ACFE). In 2002, these losses totaled over $600 billion. The PricewaterhouseCoopers Economic Crime Survey pegged the average loss per company at greater than $2 million. Ernst & Young has called this the lack of application security “a bigger loss problem than viruses and worms combined.”

An ACFE study found that the average scheme lasted 18 months before it was detected. More than half of the detected schemes accounted for losses greater than $100,000; nearly one in six caused losses greater than $1million.

To view the full article in PDF, click here.

Author Name	n/a
Author Company	Oversight Systems, Inc.
Body of Topic	Jul 22, 2008 After fortifying their networks’ perimeters against the external threats from mysterious computer hackers, enterprises are now focusing their attention on eliminating the recognized inside threats of systems- based fraud, misuse, and errors with better application security measures. Every organization faces the risk of technically capable, application-facing employees and insiders who exercise their knowledge of system rules and procedures to "game" systems to commit fraud. Even ethical employees can violate application security policies to work around inefficiencies within a system but unwittingly reveal opportunities for damaging errors, misuse, and abuse. “Though little discussed, the ‘inside threat’ causes the greatest real losses in corporations and governments today. Detecting inappropriate application activity committed by authorized users represents the ‘next frontier’ in information security,” said Matthew Kovar, Yankee Group. This white paper outlines specific threats of systems- based fraud, misuse, and errors in an effort to educate CFOs, audit executives, and information security professionals about the inside risks and threats that their organizations must defend themselves against. Fraud The reliance upon automated financial systems and the IT revolution that links business processes across multiple data systems only increase this risk created by “White Collar Hackers.” Fraud and white collar hacks collectively drain 6 percent of an organization’s annual revenue, according to reports from the Association of Certified Fraud Examiners (ACFE). In 2002, these losses totaled over $600 billion. The PricewaterhouseCoopers Economic Crime Survey pegged the average loss per company at greater than $2 million. Ernst & Young has called this the lack of application security “a bigger loss problem than viruses and worms combined.” An ACFE study found that the average scheme lasted 18 months before it was detected. More than half of the detected schemes accounted for losses greater than $100,000; nearly one in six caused losses greater than $1million. To view the full article in PDF, click here.

New Members

Jul 22, 2008

Member Status

Facebook Fans

Press Releases

Whitepaper Categories

Top Societies

TAG Photos

Twitter Updates