New Twist on Insider Crimes

In Utah recently, a computer consultant was sentenced to five years in prison for stealing nearly $2 million from four Utah credit unions by programming extra deposits for himself. This case exemplifies one of the more complicated questions about insider fraud: What happens when you're being pilfered by trusted third-parties? Andrew Moore, a senior member of the CERT technical staff at the Software Engineering Institute (SEI), a unit of Carnegie Mellon University, says that of the 300-plus insider crime cases that CMU has studied, 45 of them are directly related to a trusted business partner. In these cases, "trusted business partner" is defined as any external business or individual that the institution has contracted with to do a service for the institution, which involves authorized access to organization data, networks and internal infrastructure. Of these 45 cases, Moore says, two things standout: the types of insider crimes and the types of people who committed them. And the two factors are linked. Posted in: Internal Fraud