Subscribe

Beware the rogue employee

By Tracy Burrows, ITWeb contributor.
Johannesburg, 06 Oct 2011

ITWeb IDentity Indaba

ITWeb IDentity Indaba takes place 1 November. For more information and to reserve your seat please click here.

Local companies are losing millions of rands to fraud, reputational damage and compromised data coming from inside their organisations.

This is according to Danny Myburgh, MD of IT forensics firm Cyanre, who will speak at the upcoming ITWeb/Ideco IDentity Indaba on 1 November.

Myburgh, who has investigated scores of high-profile cases, says up to 70% of the cases he now investigates relate to employees. These include fraud, theft and misuse of company data, as well as reputational damage caused by disgruntled employees.

“If you think reputational damage won't cost you, you are mistaken,” says Myburgh. “In one local case, an employee mailed clients alleging that some of the company's financial practices were dubious. It cost the company over R4 million to carry out an audit and reassure all its clients that its practices and accounts were credible.”

Fraud is a major problem that most companies are aware of, but few do enough to prevent. Myburgh cites recent cases in which R13 million was transferred from a company's accounts in half an hour. In another case, R15 million was transferred to 750 accounts, from where it was withdrawn by about 700 people. “These are carefully planned and organised crimes, and they often involve IT staff,” he says.

Preventing these crimes and tracking down the culprits afterwards is not always easy. Myburgh says companies need to be able to manage what external devices may be plugged into the systems, which employees may access what information, who did what with data, and even who was using a particular workstation at any given time.

In addition, these logs need to be kept for as long as six months. He sees companies where IP logs are kept for only two hours before they are overwritten, making audits and criminal investigations exceptionally difficult.

Myburgh will elaborate on the IT threats facing local businesses at the IDentity Indaba, to be staged in partnership with ITWeb, at The Forum, in Bryanston, on 1 November. More information about this free executive forum is available here.

Related story:
Biometrics enter supply chain

Share