This is the third in a series of five extracts from EY’s EMEIA Fraud Survey 2017 – Human instinct or machine logic: which do you trust most to fight fraud and corruption? Visit ey.com/fraudsurveys/EMEIA to access the full version.
EY’s EMEIA Fraud Survey 2017 explores views on data monitoring from 4,100 people across 41 countries.
An organization’s critical digital and physical assets are at greater risk of theft, damage and manipulation by insiders than ever before. Increased global connectivity means that anyone with access to company data, anywhere in the world, can exploit weaknesses in data security. Often, these are trusted employees who have been permitted access to, or have knowledge of, critical data sources.
Insider threats and behavioural patterns
Threats posed by insiders are difficult to detect without gathering and analyzing data from a variety of sources. By focusing on behavioral patterns such as anomalies in employee work hours, attempts to access restricted work areas and the use of unauthorized external storage devices, companies can identify individuals who may pose a higher risk to the business. Once risk ratings have been established, organizations can then consider, based on the new information, whether to place highrisk groups under further review.
Data monitoring and employee privacy
Despite the need to collect such data, our survey identified a tension between opinions about what data companies should monitor and the types of surveillance that their employees consider a violation of privacy. Seventy-five percent of our respondents say their companies should monitor data sources such as emails, telephone calls or messaging services, and yet, 89% of respondents would consider monitoring these data sources as a violation of their privacy.
Protecting assets from insider risk
Companies should bridge this gap by raising awareness of the importance of collecting such data and of the potential consequences if company data is leaked or stolen. The financial, reputational and regulatory impact of having an organization’s critical assets stolen or damaged can be catastrophic, as evidenced by significant news coverage on data leaks in recent years. Employees need to understand that companies can only protect themselves from such exposure by embedding an integrated insider threat program into their business, which is capable of protecting their most critical assets from insider risk.
What should be monitored?
Visit ey.com/fraudsurveys/EMEIA to read the full version of EY’s EMEIA Fraud Survey 2017, including articles on whistleblowing and cyber breach response management. EY’s new Interactive Results Comparison Tool also helps you explore how results compare across different countries and industry sectors.