Insider threats: what is the CFO role?

• Author: Hayes, Bob
• Position: Risk Management - Chief financial officers

Malicious insiders have the potential to do severe financial and reputational damage to a vulnerable enterprise. Financial executives are uniquely positioned to help detect and prevent and respond to such threats.

The "insider threat" should be a significant concern for both public and private organizations.

Malicious insiders use a variety of methods to inflict damage--network or manual sabotage, espionage, fraud, embezzlement, misuse of information or the theft of intellectual property by electronic means or on paper.

These employees can act alone, or with the support of an outside party such as an organized cybercrime group or a state-sponsored entity. The malicious insider can come from any function in the organization--and from any level, from a third-party contractor to staff to executive. They may want to hurt the company for revenge, as a strategy for advancement or simply as a means of skimming cash.

Are such insider concerns unfounded or blown out of proportion? Many senior executives believe insider threat is a low-frequency event. However, malicious insider data leaks rose by more than 50 percent in the first six months of 2009, according to KPMG's 2009 Data Loss Barometer research.

The release of sensitive information about corporations and governments by Julian Assange, founder of WikiLeaks, is just one recent glaring example of the damage information leaks can cause. But other leaks and acts of malicious behavior can also exact a high cost.

Consider these examples:

Domino's Pizza: At a restaurant in Conover, N.C., in 2009, three workers shot a video of themselves contaminating pizzas slated for delivery by workers. The video later went viral on YouTube. Afterward, Advertising Age reported a toll on Domino's quality and "buzz" ratings, as measured by Brandlndex. Buzz fell from 22.5 points to 13.6 points.

interactive's measurements show Domino's buzz rating had been overwhelmingly positive, at about 81 percent.

After the video's release, perception became 64 percent negative. Estimates of Domino's loss of brand value were between $3 billion and $4 billion, and the company's stock took a hit.

Microsoft Corp.: An employee was sentenced to 22 months in prison for embezzling nearly $1 million by inflating expense reports for Internet domain names that she bought and maintained for the company, using her corporate credit card.

Long Island University's Hillwood Museum: A former director was sentenced to 12 months in prison last year...