Authbridge

Johannesburg - A survey released this week in South Africa shows more than two-thirds of companies reporting they had discovered cases of fraud committed by their own staff over the past three to five years, indicating a proliferation of white-collar crime in South African companies.

According to the information technology sector report – by ITWeb, sponsored by Magix Integration – white-collar crime was on the increase and that most cases of fraud were committed by companies' internal staff.

The study, the first of its kind to report on insider threats in South African companies, disclosed that 71 percent of organisations had discovered fraud committed by their employees in the past few years.

The survey was carried out to investigate the level of awareness of insider threats in South African businesses and to determine how prepared companies were to mitigate them. The report was carried out between August 23 and September 6 across a broad spectrum of 131 industries and covered the past three to five years.

While awareness of the threats posed by trusted people in companies was growing, few organisations were able to effectively protect their systems and data.

Hedley Hurwitz, MD of Magix Integration, said: 'For example, only 38 percent of the respondent companies have a data leakage prevention strategy and deployment in place. This is after 10 percent admitted they had suffered financial loss due to abuse of infrastructure, databases or applications.'

Steven Powell, director of forensics at corporate law advisers Edward Nathan Sonnenbergs, said that more than 80 percent of all fraud usually involved employees, most of whom had more than five years' service. Powell said a large proportion of white-collar crime involved staff-sharing and accessing passwords to data.

He pointed to the recent case of a subsidiary of a blue-chip packaging company in which the financial director misappropriated R4,2 million in funds by accessing a password. In another case, R3,2 million was misappropriated in one weekend, involving 63 transactions.

Some companies are introducing biometric solutions that provide password protection, he said. The system detected the user's fingerprint and could not operate without finding a pulse.

Hurwitz said risks arose from vulnerabilities in infrastructure, data and user behaviour.

The ITWeb study also found that 42 percent of companies had no mechanism in place for monitoring users and only 15 percent had a reliable software inventory mechanism to keep out malicious and unlicensed software.

Source: http://www.southerntimesafrica.com/article.php?title=In-house_fraud_rife_at_SA_companies&id=5039