Robert Hanssen's betrayal, selling US secrets to the Soviet Union and Russia for over two decades, serves as a chilling reminder: the most significant threats can originate from within an organisation.
Insider threats, driven by motivations ranging from ideology and greed to coercion and ego, pose a persistent and complex challenge to organisations across all sectors. In an era defined by expanding digital access and the increasing value of data, mitigating these internal vulnerabilities is no longer a matter of best practice, but a fundamental requirement for survival.
Recent events in Eastern Africa's financial sector, marked by a series of insider fraud cases, underscore a concerning trend: employees entrusted with safeguarding assets are increasingly becoming the architects of financial ruin.
The rapid pace of digitalisation and the adoption of emerging technologies have led to an exponential increase in data volume, necessitating seamless system integration.
Core banking systems, mobile platforms, card management systems, service access portals, and enterprise resource planning systems are now considered baseline infrastructure, expanding the potential attack surface and demanding robust internal cyber fraud risk controls.
PwC's Cyber Fraud Threat Landscape highlights the rising prevalence of insider threats, now constituting a major share of investigated cases. These involve current or former employees, contractors, vendors, or partners exploiting authorised access to compromise systems and data.
Their familiarity with internal networks enables them to spot vulnerabilities, access privileged information and gain an advantage over external attackers.
Insider cyber fraud often has a greater and faster impact than external attacks because insiders know the internal systems.
Detection is harder when insiders collude or work with syndicates, making threats difficult to uncover. Financial institutions must, therefore, prioritise strengthening their cyber security internal controls to effectively address insider threats.
This includes conducting regular, detailed reviews of critical financial system modules and integrations to ensure the proper implementation and configuration of fraud prevention measures.
Several key cyber fraud risk control mechanisms can be enforced to mitigate the risk of insider threats.
Strict segregation of duties: Implement a strict segregation of duties within information systems, requiring multiple users (ideally at least three) to execute high-value transactions.
Enforce the maker-checker principle, mandating that at least two individuals are necessary for the completion of any sensitive transaction. Regularly validate the effectiveness of this control across all change management workflows and throughout the software lifecycle.
Robust data and system quality assurance: Perform thorough data and technology system quality assurance during migration from legacy to current systems, ensuring data accuracy, integrity and the proper functioning of internal system controls. Conduct comprehensive post-implementation reviews to proactively identify potential cyber fraud risks.
AI-powered transaction monitoring systems: Implement advanced transaction monitoring systems leveraging the power of artificial intelligence (AI) and Machine Learning technologies.
These technologies enhance data analysis, pattern recognition, and anomaly detection capabilities, significantly improving the accuracy of suspicious transaction detection.
Automation of reconciliation processes: Automate reconciliation processes to prevent insider threats, particularly in organisations with high transaction volumes where manual reconciliation is impractical and ineffective.
Automated reconciliation enables faster and more efficient detection of suspicious transactions across numerous general ledger accounts.
Regular user account reviews and privileged access management: Conduct regular and thorough reviews of all user accounts with access rights to execute transactions and elevated privileges within information systems. Implement robust role-based access control and privileged access management solutions to prevent unauthorised access.
Minimise the number of user accounts with broad transactional rights. Adopt user and entity behavior analytics, leveraging AI and machine learning, to identify suspicious activity, particularly for privileged user accounts.
Strategic general ledger segmentation: Implement strategic segmentation of general ledger accounts by function to restrict cross-functional access. This deters concealment strategies where fraudulent transactions are hidden within multi-purpose ledgers.
Implement internal general ledger transaction monitoring and detection mechanisms. Internal audit functions should regularly review general ledger account usage and, in collaboration with business units, restrict each account to its intended functions.
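The segregation-of-duties and maker-checker control described above can be validated against a system's approval trail. The following is an added example, not taken from the PwC material: it flags transactions that were self-approved, never checked, or handled by too few distinct users. The record fields, the sample events and the high-value threshold are assumptions chosen for illustration.

```python
from collections import defaultdict

# Assumed policy values: the article asks for at least two individuals on any
# sensitive transaction and ideally at least three on high-value ones.
MIN_USERS_SENSITIVE = 2
MIN_USERS_HIGH_VALUE = 3
HIGH_VALUE_THRESHOLD = 1_000_000  # assumed cut-off, set per institution

# Constructed approval-trail records (hypothetical field names).
SAMPLE_EVENTS = [
    {"txn": "T1", "amount": 50_000, "user": "alice", "action": "make"},
    {"txn": "T1", "amount": 50_000, "user": "bob", "action": "approve"},
    {"txn": "T2", "amount": 20_000, "user": "carol", "action": "make"},
    {"txn": "T2", "amount": 20_000, "user": "Carol ", "action": "approve"},
    {"txn": "T3", "amount": 5_000_000, "user": "dave", "action": "make"},
    {"txn": "T3", "amount": 5_000_000, "user": "erin", "action": "approve"},
    {"txn": "T4", "amount": 5_000_000, "user": "dave", "action": "make"},
    {"txn": "T4", "amount": 5_000_000, "user": "erin", "action": "approve"},
    {"txn": "T4", "amount": 5_000_000, "user": "frank", "action": "approve"},
    {"txn": "T5", "amount": 10_000, "user": "gina", "action": "make"},
]

def check_segregation(events, threshold=HIGH_VALUE_THRESHOLD):
    """Return {txn_id: [violations]} for transactions that breach the policy."""
    txns = defaultdict(lambda: {"amount": 0, "makers": set(), "approvers": set()})
    for e in events:
        t = txns[e["txn"]]
        t["amount"] = e["amount"]
        # Normalise IDs so case or whitespace variants count as one user.
        user = e["user"].strip().lower()
        if e["action"] == "make":
            t["makers"].add(user)
        elif e["action"] == "approve":
            t["approvers"].add(user)

    findings = {}
    for txn_id, t in txns.items():
        issues = []
        if not t["approvers"]:
            issues.append("no_checker")
        if t["makers"] & t["approvers"]:
            issues.append("self_approval")
        required = (MIN_USERS_HIGH_VALUE if t["amount"] >= threshold
                    else MIN_USERS_SENSITIVE)
        if len(t["makers"] | t["approvers"]) < required:
            issues.append("too_few_users")
        if issues:
            findings[txn_id] = issues
    return findings
```

Distinct account IDs are not proof of distinct people, so a check like this belongs alongside the user account reviews listed above rather than in place of them.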
The PwC 2025 East Africa Digital Trust Insights Survey reveals that cyber-security threats are becoming increasingly sophisticated and persistent, with 74 percent of businesses in the region placing cyber risk at the top of their agenda.
Financial organisations must adopt a proactive and adaptable approach to managing cyber fraud risks, with a particular focus on insider threats.
This requires continuously reviewing the threat landscape, refining existing controls, and embracing emerging technologies like AI and Machine Learning to effectively safeguard organisational assets and maintain trust in the financial system.