What is insider risk, and how can organizations mitigate threats to their business? In this episode of Inside the Fraud Lab, Dave Burroughs breaks down how insider risk manifests, what red flags to look out for, and the role of human judgement and experience in these investigations. Dave also discusses lessons learned from his 25 years of experience as an agent for the FBI.
Follow along with the key time stamps and points below, and listen to the podcast through the player above or watch the video here.
What is insider risk? (01:37)
Generally speaking, an insider is anyone who has legitimate access to an organization’s assets and exploits that access for unauthorized purposes. The risk can be fraud, loss of sensitive data, sabotage, reputational, among others.
What motivates insiders to act nefariously? (04:12)
There are six categories of motivation discussed in this episode, including Environmental, Situational, Ideological, Psychological, Financial, Relational.
How company culture impacts insider risk (07:06)
In a good culture or a “speak up” culture where people feel comfortable or safe to report things that concern them without fear of retaliation or consequence, culture can serve as a huge deterrent. If an individual is in working in an environment where everybody is rowing in the same direction and they want to succeed, they want their company to succeed, and they’re happy in their workplace, they will be more inclined to bring something to attention when it’s amiss.
Whereas if employees either aren’t happy or they don’t feel that the management is following up on those reports, employees may start to question, “why should I waste my time?”
Red flags to look out for (08:31)
Red flags are always more evident in hindsight, but there are some to look out for. Personality changes, for example, can be one – sudden anti-social behaviors or performance plummets. Things like refusal to take vacation could also be a red flag. But, because we are all human, red flags should be seen within the totality of circumstances rather than the only indicator that something may be amiss.
What role does technology play? (12:32)
While there are many technologies available that can centralize red flags or help indicate a pattern of insider risks, these tools must be used in concert with human judgement and experience. Technology may also open the door to unforeseen risks, as bad actors continue to try keeping pace with emerging trends and exploit new vulnerabilities.
Surprises and lessons from Dave’s time in the FBI (16:06)
The role compassion plays in scenarios where you need information or cooperation from people. Whether the victim of a crime or the bad actor, for example, leading with compassion is impactful.
The most interesting fraud case Dave has worked on. (21:10)
Dave shares examples of a fraud ring he helped investigate that ultimately led to prosecution.
The longest case he’s worked on. (24:14)
Dave shares an example of a far-reaching national security issue that shares similar themes of a popular TV show.
How will the fraud landscape change in the next few years? (26:33)
Technology will continue to obfuscate what is reality and what is not, whether through AI/ChatGPT or other means. As this technology continues to proliferate, individuals will seek trusted sources and have to become more proficient in its use to stay ahead.