The enemy within – insider ­security threats

May 2019 Editor's Choice, Information Security, Financial (Industry)

Forty-two years ago, almost to the day, brazen thieves tunnelled into the Standard Bank branch in Krugersdorp over the Easter long weekend. The robbers had done their homework and made off with a then whopping R413 000. To this day they have never been caught or even identified. Many still believe it was an inside job as the men knew exactly where to tunnel to and knew that the bank’s trembler alarms were disabled due to generators running nearby.

Although many silently applauded their audacity at the time, insider threats in today’s financial world are far more insidious and destructive. However, many financial institutions mainly have themselves to blame for lack of attention to or failing to follow best practices and procedures. So where should it all begin?

Definitely not when the person assumes his/her position, it should start much earlier.

The CV/résumé

Normally, after placing a job vacancy ad, organisations are flooded with applications and HR has the onerous task of wading through them all. Most are from genuine work seekers, however, in amongst them are those from chancers, ineligibles and far worse, those seeking to harm the company financially, reputationally or simply out of a perceived grievance.

Once a short-list of applicants has been decided on the serious task of vetting the candidates must begin with no short-cuts taken. This is a time consuming and costly exercise but will pay dividends in the future. Remember, someone looking to harm the company or inflate their credentials will go to a lot of effort to present a professional CV/résumé.

The interview

This is probably the most important step in the hiring of a candidate. The interviewing panel should consist of members of senior management, HR and a Subject Matter Expert (SME) with in-depth knowledge of the job requirements that the applicant is applying for. Things the panel should look out for include:

• Is the interviewee on time for the interview?

• Are they decently attired, presentable and clean?

• Do they appear at ease in the meeting?

• Can they answer questions relating to their qualifications and work experience promptly without having to think about it or assuming a shifty look?

• Do they have valid reasons for leaving their current employer or do they bad-mouth them?

• Have they done basic research on your company, including its vision, ethics, reputation, management, etc.? Do they ask relevant questions in return?

Once a decision has been made over the correct candidate/s, the next step in the process can begin.

Validation

This step is to check that the person is who they claim to be and includes ID checks, qualification checks, police reports, references from previous employers and community leaders. Remember, any referees who sound hesitant to disclose information, cage their words or are too gushing in their praise raise red flags. We also recommend using a company to conduct social media checks to ensure the potential candidate does not have a background of unwanted behaviour traits.

Onboarding

Now that the successful candidate has received and accepted a formal invitation for employment, onboarding can begin in earnest. The recruit must be made to feel welcome when they start their work. HR will arrange all the necessary paperwork to be done, including ID access cards, security passes, parking, banking details as well as appointing a ‘buddy’ to show the newcomer around, explain the rules of the company, introductions to members of management and teams, discuss prospects for advancement and further learning and development.

The IT department will arrange the minimal permissions the person will need to perform their job functions and ensure that strong passwords and password managers are in place. Permissions for promotions, demotions or relocations must be altered accordingly. BYOD (Bring Your Own Device) and remote working rules and policies will be explained and made available to the

new employee.

Regular follow-ups must be made by unit managers, IT, HR, etc. to ensure the person is happy and comfortable in their new position and performing as expected of them. An angry, disgruntled or bored employee is a very real danger to the company.

Offboarding

As important as onboarding is, offboarding correctly is critical. Whether the employee resigns or is dismissed, the process must take place swiftly and clinically. All access/security/ID cards must be returned and cancelled. Biometric access (fingerprint or retinal/facial scanning recognition) must be immediately revoked. All company devices (laptops, desktops, iPad, phones, USBs, external hard drives, etc.) must be collected and their serial numbers, makes and models checked against the issuing list. IT must ensure that all these devices are thoroughly checked for malware or preferably wiped clean. Logic bombs or Random Access Trojans (RATs) could have been placed on them to be used at a later date. All program passwords must be cancelled and where the employee had joint password access, this must be changed at once.

While it is almost impossible to eliminate insider threats, much can be done to reduce the chances of it occurring and limiting the risks it entails.





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

AI-enabled tools reducing time to value and enhancing application security
Editor's Choice
Next-generation AI tools are adding new layers of intelligent testing, audit, security, and assurance to the application development lifecycle, reducing risk, and improving time to value while augmenting the overall security posture.

Read more...
Perspectives on personal care monitoring and smart surveillance
Leaderware Editor's Choice Surveillance Smart Home Automation IoT & Automation
Dr Craig Donald believes smart surveillance offers a range of options for monitoring loved ones, but making the right choice is not always as simple as selecting the latest technology.

Read more...
AI enables security solutions to define business strategies
Regal Distributors SA Editor's Choice
While allowing technologies to do exactly what they should do with even more efficiency and precision, AI is also empowering these same technologies to break through their traditional boundaries and create an ecosystem where one interface delivers outcomes across highly segmented verticals.

Read more...
Putting cyber into surveillance
Dallmeier Electronic Southern Africa Cathexis Technologies Technews Publishing Editor's Choice
Cybersecurity has become an essential part of the physical security industry. However, unlike other IoT technologies, of which security products are a part, surveillance technologies have more to protect.

Read more...
Cybersecurity and AI
AI & Data Analytics Information Security
Cybersecurity is one of the primary reasons that detecting the commonalities and threats of what is otherwise completely unknown is possible with tools such as SIEM and endpoint protection platforms.

Read more...
2024 State of Security Report
Editor's Choice
Mobile IDs, MFA and sustainability emerge as top trends in HID Global’s 2024 State of Security Report, with artificial intelligence appearing in the conversation for the first time.

Read more...
Cyberthreats facing SMBs
Editor's Choice
Data and credential theft malware were the top two threats against SMBs in 2023, accounting for nearly 50% of all malware targeting this market segment. Ransomware is still the biggest threat.

Read more...
Are we our own worst enemy?
Editor's Choice
Sonja de Klerk believes the day-to-day issues we face can serve as opportunities for personal growth and empowerment, enabling us to contribute to creating a better and safer environment for ourselves and South Africa.

Read more...
How to spot a cyberattack if you are not a security pro
Editor's Choice
Cybersecurity awareness is straightforward if you know what to look for; vigilance and knowledge are our most potent weapons and the good news is that anyone can grasp the basics and spot suspicious activities.

Read more...
Protecting IP and secret data in the age of AI
Editor's Choice
The promise of artificial intelligence (AI) is a source of near-continuous hype for South Africans. However, for enterprises implementing AI solutions, there are some important considerations regarding their intellectual property (IP) and secret data.

Read more...