CNET reports from a conference that the Mafia are now known to be capitalizing on weak human resource controls in order to get agents installed inside companies:
Speaking on Tuesday at the Infosecurity 2006 conference in London, Tony Neate, e-crime liaison for the Serious Organised Crime Agency (SOCA), said insider “plants” are causing significant damage to companies.
“We have fraud and ID theft, but one of the big threats still comes from the trusted insiders. That is, people inside the company who are attacking the systems,” he said.
“(Organized crime) has changed. You still have traditional organized crime, but now they have learned to compromise employees and contractors. (They are) new-age, maybe have computer degrees and are enterprising themselves. They have a wide circle of associates and new structures,” he added.
Information assets are now so valuable that “trusted” takes on a whole new meaning. Who is in charge of a database with tens of thousands of credit cards? It does not take a mafia boss to realize the opportunities. But on the flip side, you can’t expect a business to do a six-month clearing period and background check on everyone they hire…or can you?
Unfortunately, if a company doesn’t practice defense-in-depth or make use of layers of controls, the cost/slowdown of thorough background checks on everyone just might be the reality they have to face today. It might have been less costly to run a high level of vulnerability in the past, but as the asset value and threats both increase, the total risk becomes untenable.
What background check returns “mafiosi?” Are companies to be expected to hire private investigators to follow prospective employees?
Adam, that’s a fine point. One of the troubles with background checks is obviously that they are not very adaptive or analytic. You basically either see a conviction, like a giant stain, on a record or you don’t. Companies should not be hiring a “known felon”, but how do they figure out who is “known mafia” let alone who is more likely to succumb to the temptation of working for the mafia?
The answer is relative to the risk. Most government agencies have a long-standing process of background check and clearance, some lasting more than 12 months. Companies have to take this into consideration when they assess the value of the assets they are trying to protect, the prevalence and likelihood of threats and seek the best way to reduce the associated (human resource) vulnerabilities.