Blinded by Employee Trust31, August 2018
Anne M. Mulcahy, the former CEO of Xerox famously said, “Employees are a company’s greatest asset — they’re your competitive advantage. You want to attract and retain the best; provide them with encouragement, stimulus, and make them feel that they are an integral part of the company’s mission.”
While many companies including the likes of Google, Zappos, and other Fortune 500 companies have adopted Mulcahy’s philosophy into their corporate culture, there is also a looming issue that even companies with the best of cultures and trusted employees need to remember: Internal threats have become the most prevalent form of cyberattacks. Studies indicate anywhere between 60 to 75 percent of threats are caused by someone within the organization. From small-to-medium enterprises (SME) to larger ones, no organization is exempt from malicious or negligent insiders. Companies are realizing they are treading a fine line between trusting their workforce and building a strong internal control policy against insider attacks.
You would never hire somebody you can’t trust
Corporations and executives constantly face the dilemma of when to trust and when to monitor? The notion that you have hired a potential insider is incomprehensible to most managers and, therefore, the laxity in imposing stringent security controls.
Excessive access and privileged users
Excessive access is a major impact on insider threats. According to this survey, 60 percent of insider threats are said to emanate from privileged users with access to sensitive information. One-third of the employees access sensitive data to do their jobs. Managers would rather provide excess access to an employee, than take the chance of denying access to an employee who not just requires it, but finds it mission critical for the business.
Then there is the perspective of the employee. Studies show that most employees who steal corporate data, don’t believe it’s wrong. The concept of “entitled independents,” where the insider believes they “own” the information they worked on or even created is quite prevalent in the corporate landscape. Eighty-five percent of employees admitted to taking company documents and information when they left a business.
Under such delicate and complicated circumstances, how can companies champion a people-centric culture and still watch their backs? How can they trust, yet verify? To answer these pertinent questions on insider threats, ERP Maestro is hosting an exclusive interactive discussion with Kelly Richmond Pope, the director of the award-winning documentary All The Queen’s Horses (ATQH), on September 6, 12 p.m. ET. ATQH tells the story of Rita Crundwell, a single employee who embezzled nearly $54 million and went undetected for over two decades. Learn the insights Pope, a forensic accounting expert, derived while filming the story of the largest municipal fraud in US history. IBM Security’s Global SAP Competency Lead Britta Simms will also join the discussion to bring her unique security perspective to the live broadcast.
You can register for the webinar here.