We’ve made the analogy before… you may be leaving the fox to guard the henhouse at your company. That’s because the inside threat continues to grow. The startling statistic from Ponemon points to 60% of all breaches being from an insider. And now Cisco is in the news with the latest story.
An ex-employee was arrested the other day for allegedly defrauding the company out of $9.3 million and it was really easy how he (allegedly) pulled it off. As the director of the company’s global supply chain division, Prithviraj Bhikhahe was able to create a third-party vendor and then pay that vendor. Of course, it was a fictitious vendor and the bank account was connected to Bhikhahe according to the report.
After setting up these accounts, Bhikhahe was reported to have diverted $6.5 million to one fictitious vendor and $2.8 million to the other. Apparently it was his colleagues that started to become suspicious of his activities, which raised some red flags. Maybe he showed up to work driving a new Bugatti? Otherwise, who knows how long this could have gone on.
Now think about your company… can you prevent something like this from happening in your business-critical applications? Are you confident that a user doesn’t have the ability to set up a vendor and pay that vendor? Or perhaps they can simply change bank account information to divert funds and then change the information back once payment is sent? Or maybe they want to download information and sell it to your competitor?
There are countless scenarios that can keep you up at night. But instead of worrying, take action. Find out what steps you need to take. Attend our upcoming live webinar on the 10 steps you need to take to protect your business-critical applications from the insider threat. Click here to learn more and register.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.