The problem of internal fraud is one of the most wide-reaching fraud typologies, spanning many departments, roles, processes and systems. As a result, it presents companies with a very real challenge of ‘where to begin’. The same qualities that help employees work well can also help them perpetrate fraud.
According to Forrester, their survey of network security decision makers showed that 24% of breaches in the last 12 months were the result of an internal attack.
Four common schemes are found:
• General Ledger fraud,
• Identity theft,
• Account takeover,
• Collusion with external criminals—insiders may devise ways to stay under the radar for years by taking advantage of internal vulnerabilities.
To combat internal fraud, companies have to seek a solution that will highlight any inconsistency in the workflow. Secure access to all applications and the identity of each individual accessing systems have to be managed centrally.
PASSWORD RISKS ARE HIGH, AND SO ARE THE COSTS
According to the Forrester Data Global Business Technographics® Security Survey, 2017, among enterprise organizations that have suffered at least one data breach attributed to an external attack, cybercriminals used stolen user credentials to carry out 31% of the attacks.
Today’s employees must interact with a wide range of systems and applications. While technologies such as two-factor authentication (2FA), web single sign-on (SSO), and privileged identity management are helping to reduce reliance on static, easy-to-hack passwords, security teams still require passwords and use them to authenticate employees into a range of commercial and custom applications. Consequently, security professionals must still manage and deal with password-related issues such as:
Employee Behavior Exacerbates Password Risks
Hackers are aware of the persistence of passwords and continue to seek to gain access to systems to exfiltrate data by compromising password credentials. In just the last 12 months, the Yahoo and Equifax breaches provided cybercriminals with 3 billion compromised consumer accounts. Unfortunately, the password problem appears to be getting worse because:
• It is estimated that the average adult possesses more than 25 active online accounts, and that number is growing. Such a proliferation of accounts makes it very challenging for users to maintain strong password discipline. It invariably leads to weak password selection and weak password reuse across services, which only increases the potential for data breaches, since users often use the same user name/password combination across multiple sites.
• Despite data breaches, users still generally practice poor password hygiene.
• Users’ continued willingness to become victimized by phishing emails only further adds to the problem. According to survey data from global network security decision makers employed at enterprise firms (of 1,000 or more employees) that have had an external breach in the past 12 months, 18% of external attacks were carried out by phishing schemes.
• Users compound password issues with inadequate storage of weak passwords.
• Mobile and bring-your-own-device (BYOD) scenarios add to password complexity. While the convenience of the mobile device is hard to overlook, complex password entry can be challenging on mobile devices, thereby forcing users to select weaker passwords. Furthermore, in BYOD scenarios, employees may be interacting directly with sensitive corporate data in the cloud via the mobile device, limiting the effectiveness of most organizations’ existing perimeter-based security controls.
Start the journey of securing access internally by biometrically enabling your enterprise applications. This is a relatively simple process to implement, as you have easy access to all your employees and their infrastructure. Integrating a biometric single sign-on solution with your HR applications is an area of focus for 2identiy, where we have made identity and access management (IAM) our business and have delivered many successful IAM implementations.