Monday, October 27, 2014

THE RISK THAT SECURITY ADMINISTRATORS ARE EXPOSED TO WHEN IGNORING REAL TIME USER ACTIVITY RECORDING AND BEHAVIOR ANALYSIS

Based on the Association of Certified Fraud Examiners 2013 report


Security administrators are exposed to the following fraud landscape.
The study is based on 94 countries and 1400 cases.

The actual worldwide fraud in 2013 was 3.8 Trillion $.
Since most frauds today are done via computers, most of those frauds could be detected via real-time user activity detection and recording, followed by real-time analysis of user anomalies based on the user's attributes, such as:
 title, department, location, age, gender, seniority, etc.
 
Frauds by company type:
·     40% of the frauds that were analyzed were done in private companies
·     28% public
·     17% governments
 
By company size:
·     31% of frauds in companies with less than 100 employees
·     20.6% of frauds in companies with more than 10K employees
 
Analysis by sector:
·     16.7% in banks and financial institutions
·     10.3% in governments and public
 
Analysis of fraud types:
·     25.1% – corruption
·     26.1% – billing
·     12% – salaries
 
Geographic:
·     USA: 25.1%
·     Asia: 51%
 
By employee type:
·     Manager: 573K $ per incident on average
·     Employee: 60K $ per incident on average
 
By department/division:
·     Finance: 293 cases, 183k$ (avg) / case
·     Operations: 232 cases, 100k$ (avg) / case
·     Legal: 8 cases, 180k$ (avg) / case

Seniority:
·     More than 10 years in the company: 229k$ average fraud size
·     Less than 1 year in the company: 25k$ average fraud size
Senior workers are the most trusted in the company.
From the seniority analysis we can learn that trust is a main risk factor for fraud.
 
Gender:
·     65% – men, 200k$/case (take more risks in life)
More men than women are in management positions.
·     35% – women, 91k$/case (more conservative)
 
Cases by age:
·     19.6%   41-45
·     3.1%    > 60
·     5.8%    < 26
 
Fraud size by age:
·     600k$    51-55
·     25k$     < 26
 
Education:
·     75% – academic
·     25% – non-academic
 
Fraud size by education:
·     300k$ – academic
·     75k$ – non-academic
 
58% of fraud cases were done by one person.
 
Fraud size by collaboration:
·     One person: 100k$
·     Collaboration: 250k$
 
Which controls can help you reduce risk (from most effective to least):
·     Control tools: real-time user activity monitoring and behavior analytics
·     "Management review" reduces the damage by 45.9% (average)
·     Hotline
 
Bottom line:
·     5% of revenue is lost due to fraud (3.5T$ in 2013 vs 2.9T$ in 2010)
·     The average fraud is 140k$
·     20% of cases are over 1 million $
·     Frauds are discovered by auditors 18 months after the fraud started