Wealthy staff, not hackers, often thieves

[InfoSec News <alerts () infosecnews org>]

http://www.zdnet.com.au/wealthy-staff-not-hackers-often-thieves-339326370.htm

By Michael Lee
ZDNet.com.au
November 17th, 2011

Companies are being duped more by their own employees than by external 
hackers when it comes to cyber fraud, according to KPMG Forensic 
associate director Stan Gallo, and those employees are often high 
earners.

Gallo presented his talk on corporate identity theft and fraud at 
Attachmate Group's A Powerful Connection 2011 event today in Sydney, 
revealing that the typical fraudster isn't your average, scruffy-looking 
bedroom hacker, but more likely an insider within the corporation.

In 65 per cent of all fraud cases, insiders tap into an organisation's 
IT systems, secretly siphoning off money from the company, or selling 
intellectual property.

One example that Gallo provided was a mother who helped herself to $1.2 
million on top of her $40,000 salary by gaming the company's invoicing 
system. Working in the accounts-payable department of the company, she 
noticed that payment details were being stored on a shared network 
drive. After editing the file to fill her own account, she would wait 
until repeat invoices would be issued, and then abuse her position to 
approve the payment, hiding it among the other several thousand payments 
that the company made to cover her tracks.

Although the average amount stolen in Australia was $229,000 per 
incident, Gallo said that women tended to steal much more than men. Yet, 
in general, the thefts were more likely to have been perpetrated by a 
man.

[...]


_____________________________________________________
Subscribe to InfoSec News - www.infosecnews.org
http://www.infosecnews.org/mailman/listinfo/isn