Employees are increasingly colluding with external people to defraud their employers, research has shown, and it’s taking more than two years for companies to realise it.
A general insurance survey by KPMG revealed there was an “increase in collusive behaviour by fraudsters, and in particular, collusion between people within an organisation with an external person”.
“The real problem with collusion is the huge impact it has on the time it takes to detect the fraud, which has increased to an average of 665 days – by far the longest detection period,” the report stated. This is an increase on the 410-day average in 2010.
The survey also found that men were three times more likely to commit fraud than women, that there was an 82% increase in individual fraud exceeding $1m, and that 91% of perpetrators of major fraud had no known history of fraud.
A similar report by Verizon found that 97% of attacks on financial services firms came from outside the company and most attackers were concentrated in Eastern Europe, followed by North America.
Worryingly, in more than half of the cases surveyed, it took hackers just minutes to break in, yet more than half of breaches took weeks to detect and contain.
“This huge gap gives the attacker plenty of opportunity to get what they’re after,” the report said.
Two-thirds of the breaches that were studied involved ATMs and 20% involved a database.
Verizon also found that 78% of frauds involved the use of malware; 66% used stolen credentials; 52% concerned backdoor methods; 45% attacked businesses via export data; 39% turned to backdoor or C2 hacking; and 38% of breaches involved SQL injection.
“Financial services companies are frequently targets of choice rather than opportunity,” the report concluded. “This forces attackers to use more methods – often several in a single attack. The result is a more diverse threat landscape, and, therefore, the need for a more sophisticated set of controls.”
Top tips for improving your defences
• Implement two-factor authentication where appropriate to reduce the effectiveness of credential-capturing malware.
• Blacklist IP address blocks/regions that have no legitimate business purpose.
• Restrict administrative connections; consider only allowing them from specific internal sources.
• Increase application testing and code review to reduce SQL injection attacks, cross-site scripting and other common weaknesses.
• Implement a security development lifecycle approach for application development.
• Train users to spot signs of breaches, indicators of tampering and commonly used social engineering methods.
• Educate customers on signs of tampering and fraud.