Insider Threats Maintain a Rising Trend
“When the cat’s away, the mouse will play,” the old adage goes. Filings to anti-fraud non-profit Cifas would support that claim, as Insider Threat Database (ITD) reports rose by 14% this past year and are largely attributable to hard-to-monitor work-from-home employees mixed with “increasing financial pressures.” The report details further incidents of dishonest behavior as recorded this year by the UK’s National Fraud Database (NFD).
Insider Threats on the Rise
Over 300 individuals were reported to the ITD in 2023. The most common cause? Dishonest action to obtain benefit by theft or deception. This type of fraud now represents nearly half (49%) of all reported insider incidents, up ten percent from last year.
Cifas notes that the ongoing cost-of-living crisis could be a contributing factor, as more desperate times are tempting workers who would otherwise not consider dishonest actions.
The second-most common cause of insider deceit is false employment application. This is when an organization falsifies the number, type, or existence of employees to gain some type of benefit like a tax break, minority hiring incentive, fraudulent worker’s compensation claim, or even maternity benefit. With not enough boots on the ground to investigate and verify each “employee,” this type of case can be difficult to track. A full one-third (33%) of all internal fraud cases are linked to this type of act.
The good news is that the number of cases caught through internal controls is up by 20%, indicating a positive rise in company-based monitoring. However, the total number caught in this way still equals less than six out of every ten instances.
Interestingly, the data revealed most of those caught in fraudulent activity had been in their position for less than a year. The numbers shot up from 21% last year to 38% this year. This rise could be due to a combination of factors: lack of loyalty to a still-new employer, the fact that controls are simply better at catching incidents than they were in the past, or the phenomenon of more experienced employees simply knowing better ways to hide.
How long an employee had been in their position continued to be a determining factor in other crimes:
- Account misconduct | 64% of account misconduct incidents came from those employed for one year or less.
- Bribery | 80% of those involved in bribery cases had been employed for over a decade. This could possibly be because threat actors find those with the most experience the most valuable targets for information worth paying for.
- Unlawful disclosure of commercial data | 75% of those caught stealing company secrets had been employed for under five years.
Other Instances of Fraud
There were more than just insider threats reported to Cifas in 2023. Other cases of fraud included:
Misuse of facility | This is where “an account or other facility is obtained, with the deliberate intent of using that facility for a fraudulent purpose.” Fraud in this area was seen primarily in loan products (+82%), asset finance (45%), and plastic cards (17%) – all ways of obtaining credit. Notably, the increase in new (and fraudulent) loan products was connected with a widespread evasion of payment on current loans issued under the Coronavirus Business Interruption Loan Scheme (CBILS).
Identity fraud | While overall rates were down (-14%), bank accounts saw a 12% increase in identity fraud, particularly personal accounts. Persons over the age of 61 years continue to be the primary targets (24%), followed by those between the ages of 51-60 years (21%), and the most common tactic of choice continues to be impersonation involving a current address (77% of all identity fraud cases).
Facility takeover | Facility takeover occurs when a legitimate account is compromised by a threat actor who impersonates the actual owner, gains control of the account and makes unauthorized transactions. This past year saw a 13% increase overall in this department, attributed largely to a massive 59% increase in the telecommunications sector. Telecoms now account for 41% of all facility takeover filings as cybercriminals increasingly use mobile phones as a vehicle for account takeover instead of the (potentially more difficult) identity fraud tactic used in previous years.
Causes of Workplace Dishonesty
Cifas offers several explanations for the increase in employee fraud rates.
- AI-powered fraud (such as word-perfect phishing campaigns) makes it easier to deceive users and more difficult to detect a fake.
- Social media opens up numerous avenues for deceit, account hacking, and communication that can lead to recruitment for fraudulent activities.
- The cost-of-living crisis puts individuals in a vulnerable position in which they are more likely to take a chance on a risky “investment scheme” or blatantly fraudulent act.
These factors, combined with the increase in remote work, make day-to-day activities more difficult to monitor and instances of dishonesty more challenging to detect. Regulations across the UK are springing up in response to the rise in fraud; they include the Online Safety Act, the Economic Crime and Corporate Transparency Act 2023 (ECCTA), and a mandatory reimbursement requirement for Authorized Push Payment (APP) fraud. Let’s just hope that these well-intentioned counter-fraud measures don’t leave loopholes that could lead to – well, even more fraud.