The Rise and Rise in Cyber Fraud (The Insider Threat)

Cyber crime cost UK businesses £1bn last year, but what is the true price?

In the news we’ve seen a lot about the online abuse of consumers, but the increase in B2B fraud is something not enough leaders are talking about. Cybercrime and corporate fraud against UK businesses was up seven-fold in 2016, with 90% of companies interviewed in a recent Kroll survey experiencing a cyber-attack or loss of information, giving the UK the second highest rate of cyber incidents. It’s no longer about someone breaking through a window or door after business hours; the biggest threat to businesses now is potentially the invisible one that exists 24 hours a day, both from the outside and, more worryingly, from within, and it’s one that can destroy entire companies and sink the careers of senior executives.

All the data shows that the majority of attacks on businesses come from within…

Current or ex-staff members engaging in theft of some kind or misusing company credit cards and expense accounts was in the top 10 most reported crimes last year, with a total of 37,070 reported to City of London’s National Action Fraud reporting centre, which is the central point for reporting this kind of crime in the UK. Companies in London and Essex were most affected, with 5,742 and 2,505 reports of cybercrime respectively to the Metropolitan Police. For example, in a recent scam, cold callers pretending to be members of bank fraud departments persuaded 750 Lloyds and Royal Bank of Scotland customers to reveal security details, with £113m for the taking. Three Lloyds insiders were later convicted and police described the insider attack as one of the biggest cyber fraud scams ever investigated in the UK.

Insider threats still aren’t recognised as the gaping issue they are…

Extortion via ransomware, phishing, malware, mandate fraud, spearphishing, theft of physical assets, misappropriation of funds; there’s a whole community of attackers learning from each other and the list becomes more intelligent and devastatingly effective every day. Burglar alarms are all very well but not when you or a colleague is letting criminals walk through the front door. Whether it’s someone malicious, someone who’s been tricked, or someone who’s made a mistake, an insider could bring down your business with a single USB or WeTransfer. Or at the very least make off with $420m and destroy your reputation, like Target in 2013: the victim of an insider attack through an unwitting vendor with access to their infrastructure.

With cloud services like Dropbox, Google Drive, social media, the use of big data and employees using their own email accounts and devices to work, letting increasing numbers of strangers through the front door is becoming common business practice. Contractors, managers and other privileged access users require legitimate access to an organisation’s cyber-assets but they hugely increase insider threat. Malicious insiders have knowledge of and unrestricted access to proprietary systems, so their actions can easily go undetected by security systems designed to defend against external threats. The impact of insider threats can devastate company revenues, business continuity, customer satisfaction, corporate reputation and employee morale, and everyone pays the price. It’s not just big brands like Target either; a student accommodation company were tricked into giving away data that led to the loss of £230,000, and a report from the Federation of Small Businesses (FSB) estimates that small businesses in the UK are attacked over 7 million times per year, despite 93% claiming to have taken steps to protect themselves from insider threats.

The measures used to defend against external threats just don’t work for insiders…

With more complicated systems, more privileged users and cyber and insider attacks becoming the norm all over the world, it’s clear that businesses need to have systemic processes in place to prevent, detect and respond to such risks in order to avoid catastrophic financial and reputational damage. Unfortunately, few corporate security strategies focus on such solutions and traditional network defence systems are just reactive, designed to detect hacks through a firewall or other perimeter appliance. By implementing a privileged access management (PAM) system, businesses can see what is going on inside at all times and limit insider threat. PAM allows you complete control of all privileged activity across multiple networks.

What is Privileged Access Management (PAM)?

Osirium’s PxM Platform:

  • Perfectly manages context-driven access over any number of systems across an infrastructure.
  • Authorises privileges for users only when and in which systems they are needed, then automatically revokes those privileges once the requirement is complete.
  • Automates administrator tasks without exposing Privileged Accounts, securing the most vulnerable entry points for attackers & improving workflow.
  • Ensures full accountability and visibility for meeting compliance mandates and deters insider threats by providing irrefutable evidence & granular audit trails of privileged activities.

Addressing the balance with PAM…

No one really knows how big the problem is. There’s global-scale ignorance about the nature of insider threats, national policing has yet to catch up both in terms of the skills needed to catch cyber criminals and manpower, and insider attacks are also massively under-reported (many businesses keep quiet because they don’t want to risk reputational damage). One third of UK firms are stockpiling bitcoins in case of such an attack, to use as ransom money for restoration of access or the return of their data, which is a clear indicator that things are out of control. PAM applies the controls and visibility to valuable assets on a network infrastructure and will go a long way to helping prevent this growing problem and keep corporate assets, jobs, bonuses and reputations truly safe from insider threat.

To find out more about how our PxM Platform can help protect against insider threat and control the misuse of privileged accounts, visit