ATO to boost insider threat detection with behavioural analytics

The Australian Taxation Office is hoping behavioural analytics will help it respond to an increasing number of fraud and corruption investigations of staff.

A request for information, published late last week, reveals the ATO is under “increased levels of scrutiny” from the Australian Commission for Law Enforcement Integrity (ACLEI) and now the newly formed National Anti-Corruption Commission (NACC), which will absorb ACLEI.

Prior to January 2021, the ATO “managed most matters in-house”, whereas now these matters will be referred to the NACC for investigation.

The ATO said it still needs to supply evidence as part of investigations, but that this is harder in an era of online platform use, remote work and greater IT system complexity.

“Since the introduction of these new commissions, there has been an increased level of scrutiny of the ATO,” it said.

“This has resulted in increased requirements to produce evidence, an increase in the number and complexity of internal fraud/corruption investigations, and greater reliance on the use of tools and systems to gather information for these investigations. 

“These pressures will continue, with the ATO now expected to meet any requests for information in shorter timeframes.

“To keep pace with change and to adequately address the risk of internal fraud and corruption in the ATO, we are seeking input from industry to identify opportunities for the ATO to improve insider threat detection for fraudulent or corrupt behaviours.”

In particular, the ATO has flagged behavioural analytics as a technology it wants to use.

It sees behavioural analytics as a way to set guardrails “to assist staff to conduct their daily duties and to provide further mitigations and intervention opportunities” should adverse or unusual patterns be detected.

The ATO said it currently uses “a range of tools and systems to assist in the detection and investigation of internal fraud or corruption incidents” and that it would like to consolidate the stack.

It particularly wants to be able to stop data or information exfiltration by staff, but also to protect staff from fraud or corruption allegations by “providing better assurance around the activities ATO staff undertake to rule out any false allegations quicker.”

It is hoping to capture behavioural data on such things as staff “email usage, instant messaging, websites viewed, application usage, document manipulation, file transfers, printer usage, [and] network traffic”.

The reach of the tools would ideally cover both corporate-owned and BYOD devices used to access ATO resources.

Last year, a joint ACLEI-ATO investigation led to a former ATO staffer facing corruption charges.