Don't forget the internal threats

REPORTS on cyber-crimes involving information theft and security lapses are all over the news these days. However, with a slew of reportage on external threats, organisations run the risk of overlooking vulnerabilities as a result of a lack of internal controls.

In the past couple of decades, there have been several high profile cases in Singapore alone that shed light on the damage lack of controls and enforcement from within can cause.

One of them is that of the 1995 commercial fraud in Barings Futures Singapore. Then derivatives trader, Nick Leeson, was given authority over two incompatible functions: as a trader and officer-in-charge of the front office, and also as the person processing his own settlements in the back office. With these dual responsibilities, he was able to hide his trading losses - amounting to US$1.4billion (S$2.0 billion at 1995 exchange rate) - undetected in an 88888 account in the company's computer system. The losses led to the collapse of the parent bank.