Understanding psychology of insider fraud can help enterprise case management

As National Insider Threat Awareness Month (NITAM) hits the halfway point, the running tally on insider fraud continues to hit numbers that no business or security professional wants to see. The latest: A new report from the Association of Certified Fraud Examiners (ACFE) has pegged what it calls “occupational fraud” at a total of $3.6 billion a year, with an average loss per case of  $1.8 million. That doesn’t count reputational damage. The situation has led the general counsel of the ACFE to call insider fraud the most dangerous threat to companies’ information, data and capital, “even bigger than health care fraud, tax evasion, money laundering and identity theft.”

The way I see it, the acceleration of insider fraud are consequences of the following issues:

1)    the decentralized workforce that has scattered employees and their devices

2)    the slow adoption of reliable technology to detect and prevent it

3)    underutilization of enterprise case management capabilities to investigate it

In relation to enterprise case management, a new issue is starting to appear on the insider fraud radar: employee behavior and mindset. According to the ACFE, the post-pandemic work environment has created more disgruntled employees, who are not only unproductive, but possibly downright destructive.  Identifying potential inside bad actors early enough can make the difference in resolving fraud investigations.

SH: This business is personal

The issue of employee mindset has caught the attention of several US government agencies, several of which combined for a virtual summit held to kick off its NITAM efforts. While 99% of the companies in the world are not storing nuclear secrets, they do have a level of data, information and capital that is reserved for a select group. We know a lot about the financial and reputational damage done by fraud. We don’t know as much about the profile of the employee who will commit it.

As security consultant Dr. Kirk Kennedy told the NITAM government summit, understanding the mindset can predict the potential for fraud.

“Insider threats begin with a personal predisposition,” Kennedy said. “In other words, somebody had some mental health issue, whether that's personality dysfunction, social skills, deficits, addictions, anything that would impact poor judgment... Combine that with personal and professional stressors, including financial problems, not getting a job promotion or contentiousness in the workplace. And then you'll see the person exhibit concerning behaviors that conflict with others."

Kennedy and other speakers pointed out that employee assistance programs can be a valid defense against insider fraud. Staff assigned to these programs can maintain confidentiality and also reserve the right to consult management if that employee is a danger to themselves or the company. Kennedy warned against accepting the “tunnel vision” that keeps employees on the track toward fraud. Those schemes or actual behaviors need to be detected and interrupted by the human element as well as the technology element. But interrupting potential fraud via employee assistant programs is not a silver bullet.

“The people that you should be worried about are the ones that aren't seeking treatment,” Dr. Lindsay Braden told the summit. “The ones that are seeking treatment are actually looking at exploring options to solve problems in their lives, not trying to develop a crime script for committing some kind of major breach of security here.”

SH: Activating enterprise case management

But should such a breach occur, enterprise case management needs to be a core competency. ECM has several definitions depending on the type of fraud being investigated, but suffice to say that it’s best understood by comparing today’s fraud landscape to the analog days of payment and fraud activity. When an enterprise was visited by fraud it took a mix of automated detection, disparate information sources and human effort to track down and investigate fraud. ECM done properly these days will allow investigators and analysts to manage and track all cases within a single automated system for creating and managing alerts, cases of suspicious activity and support for suspicious activity reports.

Bottomline’s recent research on ECM shows that companies on average said they rated their current ECM satisfaction rate at a meager 60%. Even more concerning is the 17% of respondents who said they don’t have a solution at all currently. Thirty-four percent said that they plan to invest in a solution within the next year; 37% said their organization only planned to invest in the next 12 to 24 months and then 11% said they had no plan to invest.

The Bottomline: The psychology of bad actors is an important part of detecting and preventing insider fraud. While quickly resolving an occurrence of fraud is important, most of the time the challenge and cost of insider fraud depends on how long it goes undetected. For detection, awareness of the insider mindset is important as is the technology available to automate it. It’s part of the narrative around insider fraud. Create that narrative and you can have a shot at avoiding a $1.8 million problem.