Home / Blog Overview / Blinded by Employee Trust
Access Controls | August 31st, 2018

Blinded by Employee Trust

Anne M. Mulcahy, the former CEO of Xerox famously said, “Employees are a company’s greatest asset — they’re your competitive advantage. You want to attract and retain the best; provide them with encouragement, stimulus, and make them feel that they are an integral part of the company’s mission.”

While many companies including the likes of Google, Zappos, and other Fortune 500 companies have adopted Mulcahy’s philosophy into their corporate culture, there is also a looming issue that even companies with the best of cultures and trusted employees need to remember: Internal threats have become the most prevalent form of cyberattacks. Studies indicate anywhere between 60 to 75 percent of threats are caused by someone within the organization. From small-to-medium enterprises (SME) to larger ones, no organization is exempt from malicious or negligent insiders. Companies are realizing they are treading a fine line between trusting their workforce and building a strong internal control policy against insider attacks.

You would never hire somebody you can’t trust

Corporations and executives constantly face the dilemma of when to trust and when to monitor? The notion that you have hired a potential insider is incomprehensible to most managers and, therefore, the laxity in imposing stringent security controls.

Excessive access and privileged users

Excessive access is a major impact on insider threats. According to this survey, 60 percent of insider threats are said to emanate from privileged users with access to sensitive information. One-third of the employees access sensitive data to do their jobs. Managers would rather provide excess access to an employee, than take the chance of denying access to an employee who not just requires it, but finds it mission critical for the business.

Entitled independents

Then there is the perspective of the employee. Studies show that most employees who steal corporate data, don’t believe it’s wrong. The concept of “entitled independents,” where the insider believes they “own” the information they worked on or even created is quite prevalent in the corporate landscape. Eighty-five percent of employees admitted to taking company documents and information when they left a business.

Under such delicate and complicated circumstances, how can companies champion a people-centric culture and still watch their backs? How can they trust, yet verify? To answer these pertinent questions on insider threats, ERP Maestro is hosting an exclusive interactive discussion with Kelly Richmond Pope, the director of the award-winning documentary All The Queen’s Horses (ATQH), on September 6, 12 p.m. ET.  ATQH tells the story of Rita Crundwell, a single employee who embezzled nearly $54 million and went undetected for over two decades. Learn the insights Pope, a forensic accounting expert, derived while filming the story of the largest municipal fraud in US history. IBM Security’s Global SAP Competency Lead Britta Simms will also join the discussion to bring her unique security perspective to the live broadcast.

You can register for the webinar here.

Register for Q & A session with the director of All The Queen’s Horses



    Leave a Reply

    Your email address will not be published. Required fields are marked *