What Does the Typical Insider Threat Look Like?

Lora Bentley
Slide Show

Five Steps to Preventing Insider Data Breaches

Follow these best practices to help reduce your risk of an insider data breach.

One of the biggest risks any company faces comes from the inside-its own employees. But how is a chief executive or a risk manager supposed to address that risk if he or she can't pinpoint the employees who commit fraud?


Last week, the Association of Certified Fraud Examiners released its 2010 Report to the Nations on Occupational Fraud & Abuse, which is based on the results of a survey of members who investigated fraud cases between January 2008 and December 2009. Among other things, the report includes a profile of the "typical fraudster."


More often than not, the employee who commits fraud is male, between the ages of 31 and 45, and works in one of six departments: accounting, operations, sales, executive/upper management, customer service or purchasing. Moreover, these workers typically have not committed a fraud offense in the past. However, they do often provide behavioral clues to co-workers or managers of possible fraudulent conduct.


ACFE President James D. Ratley explained:

Fraudsters exhibit behavioral warning signs of their misdeeds. It's important to remember that this human element of fraud-demonstrated in red flags such as living beyond one's means or exhibiting control issues-is not identified through an audit or other traditional controls. This is why the staff at any organization should be trained to recognize these and other common behavioral signs that a fraud might be occurring. Moreover, they should be encouraged not to ignore such red flags, even when discovered by accident, as they might be the key to detecting or deterring a fraud.

Add Comment      Leave a comment on this blog post
Sep 15, 2010 1:49 AM Todd Moore Todd Moore  says:


I agree that persons evaluating risk need to know who "has" commited fraud. Once discovered those employess should be given their walking papers. Thus they are at least now, no longer present a risk. However, I feel that we need to tread very carefully when moving in the direction of "profiling" individual employess. The issue of concern to me is that once an employee fits the "profile" they may, at least for the term of their employment, be unfairly cast at severe cost to their job, and possibly even their career, such as in the case of Federal/DoD.

Considering the above, I feel that we must also consider the "risk" to the profiled indivdual as well.

Just my thoughts...

Todd Moore

Information Assurance Officer

Intellicheck Mobilisa


Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.