Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Insider fraud and trust controls: what do security teams do now?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 11936
Topic starter  

TL;DR: Insider attacks cost an average of $17.4 million in 2024, and Sumsub’s podcast argues the real challenge is balancing fraud controls, internal trust, and culture without weakening operations. The lesson for IAM and security teams is that governance has to cover people, process, and privileged access together, not as separate problems.

NHIMG editorial — based on content published by Sumsub: Insider Fraud: The Enemy Within

By the numbers:

Questions worth separating out

Q: How should security teams reduce insider fraud without undermining employee trust?

A: Use trust as a design principle, not as a control substitute.

Q: Why do insider threats become so expensive when privileged access is broad?

A: Broad privileged access lets a trusted user reach many systems, change records, approve actions, or disable controls from one account.

Q: How do IAM and fraud teams know when insider risk is moving from theory to loss?

A: They should look for unusual access combined with business-impacting activity, such as late-night approvals, entitlement changes, or unexpected exports of sensitive data.

Practitioner guidance

  • Segment privileged actions by business impact Separate read, approve, export, and admin capabilities so one insider cannot move from routine work to high-loss activity without additional checks.
  • Add friction to sensitive workflows Require step-up approval, dual control, or secondary review for actions that can move money, expose data, or disable monitoring.
  • Review insider-risk signals with IAM and fraud teams together Correlate access logs, abnormal transaction patterns, entitlement changes, and off-hours activity in a shared process.

What's in the full article

Sumsub's full podcast covers the operational detail this post intentionally leaves for the source:

  • The discussion between Thomas Taraniuk and Marc Evans on how insider fraud investigations unfold in practice.
  • The trust and culture trade-offs that shape real-world fraud prevention programmes.
  • The reporting context around the stated 2024 insider-attack cost figure.
  • The podcast framing for balancing internal trust with security controls in employee-facing environments.

👉 Read Sumsub's podcast on insider fraud and trust controls →

Insider fraud and trust controls: what do security teams do now?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11491
 

Insider fraud is an identity governance problem before it is a fraud problem. The episode frames internal abuse as something that starts with trusted access, not malware or external compromise. That means the real control question is whether identity governance can detect and constrain misuse after access has already been granted. Practitioners should treat insider risk as a lifecycle and privilege issue, not just a behavioural one.

A few things that frame the scale:

  • 80% of identity breaches involved compromised non-human identities such as service accounts and API keys, according to Ultimate Guide to NHIs.
  • Only 5.7% of organisations have full visibility into their service accounts, which leaves most identity programmes blind to a large part of the attack surface.

A question worth separating out:

Q: Who should own response when a legitimate employee is suspected of fraud?

A: Ownership should be shared across IAM, fraud, HR, legal, and security operations, with one lead incident coordinator. IAM should suspend or restrict access, fraud should assess financial impact, and HR and legal should manage employment and evidence issues. Clear playbooks prevent delay when the actor is still trusted on paper.

👉 Read our full editorial: Insider fraud costs and trust controls in the age of agents



   
ReplyQuote
Share: