Today’s rapidly growing digital world has driven new risks in the form of internal threats that could have an adverse financial and reputational impact on an organization.
According to the EY 2016 Global Forensic Data Analytics Survey, 77% of respondents use forensic data analytics (FDA) to combat internal fraud, the highest risk area where FDA is used. Internal fraud is specified as including travel and entertainment abuse, collusion, and other fraud committed by an insider.
Manufacturing and industrial companies need to protect themselves — not only from increased external cyber attacks, but also from the possibility of rogue employee activities or third parties with access to sensitive internal data — particularly around the supply-chain process. Firms also need to provide the surveillance that regulators are demanding within the parameters of an emerging body of state and national privacy legislation.
The mission-critical nature of information and the ease of digital access make organizations increasingly vulnerable to malicious insiders, who have the potential to wreak financial and reputational havoc. In response, regulators expect organizations to establish robust supervisory procedures that retain and monitor e-communications among employees, vendors, customers, distributors or joint venture partners. To date, many firms have struggled to both keep pace with cyber threats and comply with complex privacy regulation. As a result, the amount of fines levied against firms for surveillance transgressions has increased steadily in recent years.
Traditional rules-based tools, which ask questions of the data based on what is currently known, often fall short of identifying and preventing corporate insider threats due to the following challenges:
- Perpetrators try to evade most enterprise controls that rely on perimeter-focused security monitoring or identity access controls.
- Enterprise security or compliance teams are drowning in alerts and false positives — many are not even prioritized based on a risk scoring algorithm — so that important events or entities are buried within the data.
- Enterprises often don’t have strong security controls over, or visibility into, their employees’ use of third-party hosted applications.
- Many legacy security applications used to investigate alerts are cumbersome and time-consuming to use.
Given the high volumes, velocities and varieties of organizational data, companies need to transition from their current reactive, “check-the-box” surveillance capabilities to more robust, proactive, e-communications surveillance and user behavioral analytics capabilities that focus on employee patterns and anomalies. Behavioral analytics via natural language analysis generally leverages sentiment analysis, which focuses on emotional or evaluative content of text communications. Behavioral analytics takes a holistic and human view of multiple data sources that usually include emails, HR data and web browsing activities, combining them to tell us not only what is happening, but also how and why it is happening. In corporate risk and surveillance programs, behavioral analytics is a key tool in detecting patterns of behavior related to misconduct, fraud and noncompliance.
These e-communication surveillance and investigation capabilities should incorporate big data management concepts such as:
- Integrating multiple structured and unstructured data sources — voice, email, trades, sales, social media and network access
- Correlating between group users, as well as other entities, to identify hidden patterns and relationships
- Detecting anomalies using statistical models, combined with rules to compare incoming transactions with entity profiles
- Developing easy-to-use, intuitive interfaces with highly visual dashboards that increase business transparency and end-user adoption
A superior surveillance and behavior analytics program should provide companies with an end-to-end suite of surveillance and investigative capabilities to address legal and compliance risks, helping companies:
- Monitor and investigate rogue employee activities, such as collusion, off-brand marketing, insider trading or excessive entertainment spend
- Detect theft of critical digital assets
- Address litigation and compliance risk, reducing costs related to litigation and regulatory requests and compliance-related reporting requirements, through elevated controls, risk escalation methodologies, and improved business process flow and governance
- Enhance management oversight by deploying customized, easy-to-use interfaces that aggregate large amounts of data to identify key risk areas or performance improvement opportunities
Rigorous workflow example
Deploying these analytics effectively requires cross-functional collaboration to identify risk vectors, relevant data sources, compliance requirements and privacy implications, which also serve as the foundation to develop business rules for prevention and monitoring activities. The same type of teaming is also necessary to analyze output, determine remediation procedures and draw recommendations to improve the overall surveillance capabilities. It is also important that a circular process is developed that enables the organization to constantly fine-tune its prevention and monitoring activities by leveraging output from investigations.
About the Authors
Todd Marlin is a Principal in EY’s Fraud Investigation and Dispute Services (FIDS) practice and a leader in the forensic data analytics and data sciences service line. He has deep experience helping clients identify, expose and demonstrate relationships, trends, and patterns within complex and disparate data that help them respond to regulatory and litigation challenges as well as manage fraud, corruption and insider risks. Todd has led numerous projects throughout the U.S. for Fortune 500 companies to decrease the cost and risk associated with eDiscovery and information management.
Vincent Walden is a Partner in FIDS specializing in forensic technology, business intelligence and fraud detection analytics. He has over 18 years’ experience handling information management, forensic analysis and electronic discovery needs for large-scale, complex litigations, investigations and proactive anti-fraud and compliance programs.
The opinions expressed herein are those of the authors and do not necessarily reflect the opinions of EY or its member firms.