I suspect that as companies trimmed staff the controls requiring input from multiple people have fallen by the wayside. Many of the controls in terms of segregation of duties collapse as companies contract.
I used to think the controls were stupid. Then I started working with our comptrollers and auditors. I had an auditor come into the office and he showed me all of the ways the front line people were “ripping us off.”
For example, the cash drawers were sometimes off in multiples of the cost of a soda from the company soda machine. Sometimes the work orders were for houses right next to each other...and the tech took “travel time” from one place to the other.
I embraced controls, not because I wanted to be a jerk, but because it meant I could trust my numbers and my people. And after that, we never had a “recurring” theft.
Then I went to work at a bank. Talk about a place with controls. And the security guys wouldn’t even talk to me about what they would catch. It took years for them to start telling me stories.
In short, if you give anyone around money the opportunity—sooner or later someone is going to try to steal from you. But they don’t realize that there is nothing new under the sun. And most of the time you will get caught.
These “internet” hacks are almost ALL inside jobs.