The enemy within – insider ­security threats

May 2019 Editor's Choice, Cyber Security, Financial (Industry)

Forty-two years ago, almost to the day, brazen thieves tunnelled into the Standard Bank branch in Krugersdorp over the Easter long weekend. The robbers had done their homework and made off with a then whopping R413 000. To this day they have never been caught or even identified. Many still believe it was an inside job as the men knew exactly where to tunnel to and knew that the bank’s trembler alarms were disabled due to generators running nearby.

Although many silently applauded their audacity at the time, insider threats in today’s financial world are far more insidious and destructive. However, many financial institutions mainly have themselves to blame for lack of attention to or failing to follow best practices and procedures. So where should it all begin?

Definitely not when the person assumes his/her position, it should start much earlier.

The CV/résumé

Normally, after placing a job vacancy ad, organisations are flooded with applications and HR has the onerous task of wading through them all. Most are from genuine work seekers, however, in amongst them are those from chancers, ineligibles and far worse, those seeking to harm the company financially, reputationally or simply out of a perceived grievance.

Once a short-list of applicants has been decided on the serious task of vetting the candidates must begin with no short-cuts taken. This is a time consuming and costly exercise but will pay dividends in the future. Remember, someone looking to harm the company or inflate their credentials will go to a lot of effort to present a professional CV/résumé.

The interview

This is probably the most important step in the hiring of a candidate. The interviewing panel should consist of members of senior management, HR and a Subject Matter Expert (SME) with in-depth knowledge of the job requirements that the applicant is applying for. Things the panel should look out for include:

• Is the interviewee on time for the interview?

• Are they decently attired, presentable and clean?

• Do they appear at ease in the meeting?

• Can they answer questions relating to their qualifications and work experience promptly without having to think about it or assuming a shifty look?

• Do they have valid reasons for leaving their current employer or do they bad-mouth them?

• Have they done basic research on your company, including its vision, ethics, reputation, management, etc.? Do they ask relevant questions in return?

Once a decision has been made over the correct candidate/s, the next step in the process can begin.

Validation

This step is to check that the person is who they claim to be and includes ID checks, qualification checks, police reports, references from previous employers and community leaders. Remember, any referees who sound hesitant to disclose information, cage their words or are too gushing in their praise raise red flags. We also recommend using a company to conduct social media checks to ensure the potential candidate does not have a background of unwanted behaviour traits.

Onboarding

Now that the successful candidate has received and accepted a formal invitation for employment, onboarding can begin in earnest. The recruit must be made to feel welcome when they start their work. HR will arrange all the necessary paperwork to be done, including ID access cards, security passes, parking, banking details as well as appointing a ‘buddy’ to show the newcomer around, explain the rules of the company, introductions to members of management and teams, discuss prospects for advancement and further learning and development.

The IT department will arrange the minimal permissions the person will need to perform their job functions and ensure that strong passwords and password managers are in place. Permissions for promotions, demotions or relocations must be altered accordingly. BYOD (Bring Your Own Device) and remote working rules and policies will be explained and made available to the

new employee.

Regular follow-ups must be made by unit managers, IT, HR, etc. to ensure the person is happy and comfortable in their new position and performing as expected of them. An angry, disgruntled or bored employee is a very real danger to the company.

Offboarding

As important as onboarding is, offboarding correctly is critical. Whether the employee resigns or is dismissed, the process must take place swiftly and clinically. All access/security/ID cards must be returned and cancelled. Biometric access (fingerprint or retinal/facial scanning recognition) must be immediately revoked. All company devices (laptops, desktops, iPad, phones, USBs, external hard drives, etc.) must be collected and their serial numbers, makes and models checked against the issuing list. IT must ensure that all these devices are thoroughly checked for malware or preferably wiped clean. Logic bombs or Random Access Trojans (RATs) could have been placed on them to be used at a later date. All program passwords must be cancelled and where the employee had joint password access, this must be changed at once.

While it is almost impossible to eliminate insider threats, much can be done to reduce the chances of it occurring and limiting the risks it entails.



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

The year resilience paid off
Issue 8 2020 , Editor's Choice, Security Services & Risk Management
Hi-Tech Security Solutions spoke to Michael Davies about business continuity and resilience in a year when everything was put to the test.

Read more...
Retail solutions beyond security
Issue 8 2020, Axis Communications SA, Technews Publishing, Hikvision South Africa , Editor's Choice, CCTV, Surveillance & Remote Monitoring
The need for security technology to deliver more than videos of people falling or stealing from retail stores is greater than ever.

Read more...
Developing trust and delivering value
Issue 9 2020, Milestone Systems, Technews Publishing , Editor's Choice
Hi-Tech Security Solutions spoke to Bjørn Skou Eilertsen, CTO of Milestone Systems, at the end of 2020 to find out how the company fared in 2020 and what the company expects to see happening in 2021 onwards.

Read more...
The slow-motion AI explosion
Issue 9 2020 , Editor's Choice
What the slow and incremental shift into the artificial intelligence gear has meant for business and industry.

Read more...
Four tips to keep the lights on during load shedding
Issue 9 2020, Rectron , Editor's Choice
To ensure businesses remain ‘always on’, here are some tips and tricks to ensure your business remains productive during rolling blackouts.

Read more...
What keeps you up at night
Issue 9 2020 , Editor's Choice
One continent, many different security priorities: KnowBe4's security snapshot of sub-Saharan Africa's ‘Big Three’.

Read more...
The changing face of ransomware
Issue 9 2020, J2 Software , Editor's Choice
Relying only on a layered defence is no longer sufficient; one needs total visibility as a primary cyber defence mechanism.

Read more...
Knowledge sharing in the medical field
Issue 9 2020, Duxbury Networking , Editor's Choice
There are many reasons for a healthcare institution to share knowledge and some of today’s most modern technologies can provide a simple and efficient solution.

Read more...
Intelligent video analytics for CCTV
Issue 9 2020, Kleyn , Editor's Choice
Lesley-Anne Kleyn expands on the growth and utility of analytics at the edge, including the benefits AI and deep learning have added to analytics algorithms.

Read more...
New public CCTV system secures Sandton Central
Issue 9 2020 , Editor's Choice
The Sandton Central Management District’s (SCMD) state-of-the-art system uses artificial intelligence to detect and respond to specific events.

Read more...