Do Banks Really Not Know The Biggest Threat Comes From Insiders?
from the you-have-to-be-kidding dept
We’ve been hearing this story for ages, but it’s beginning to ring hollow (or, perhaps, is just an attempt by security consultants to get their name in the news). Reuters is quoting just such a security consultant claiming that banks are too focused on external threats and haven’t paid enough attention to insiders who could just walk out the door with customer info and money. The article itself reads a little strange — as if the author was looking for some sort of “banking problem” story, but couldn’t come up with anything new. Instead, it just quotes a bunch of people all saying the same things that have been said before about bank security. Unfortunately, that leaves open the question: are banks just waking up to this threat now? Or is this a case where a reporter needed a story about banking security and reran the same story from the last five years? It’s true that there have been enough reports of data leaks via lost laptops recently to suggest that perhaps companies aren’t careful enough with what information walks out the door with employees — but it’s hardly a new problem, and hopefully one that they’re not just waking up to.
Comments on “Do Banks Really Not Know The Biggest Threat Comes From Insiders?”
A story that’s not sure if there’s a story about a story that’s about a non-story. That’s compelling journalism!
it’s better than the typical re-packaged press release that so many newspapers run with now.
Re: it's better
really? how so? re-packaged press releases are what they are. What makes one better than another?
Please enlighten me as I’m certain that if you’re right I have missed something in this article that I probably care about.
The only real way...
to 100% eliminate data theft is to take humans out of the equation (and since machines can be reprogrammed even that isn’t foolproof). Every bank has an IT section and at best even the people in that department are working around sensitive info. Someone getting pissed off or a genuine accident could lead to a leak.
Speaking as an Auditor of Bank Information Systems
This guy is right on the money (no pun intended). I perform security audits of banking and hospital information systems, and it really is pulling teeth to get Management to understand that their biggest threats are internal.
This story is pure bullshit. Banks understood the internal threat back in the 70s. And so did the government agencies auditing the banks.
But what I want to know is: how are the banks supposed to operate? For that matter, how is anyone supposed to operate? The simple fact is that the “experts” that are often quoted would lock up everything so tight nobody can do their job.
Re: Not just since the 1970s
Banks have had hundreds of years to learn how to protect against insider threats. A lot of security ideas like separation of duties come from the traditions of the banking world. If banks didn’t understand that employees can steal money, there would be no banks.
The story said that a cleaning crew placed keyboard logging programs on their computers. Nifty how ‘Homer’ figured that one out huh. His real name was probably Joe ‘The Bagger’ Constanstein. They nearly lifted $400 million mazumas in a few days; that is not freaking part-time earnings! All they had to do was just hit a few buttons with their fat Clorox-stained fingers and wire the money to a bank in Israel *priceless*.
So the banks obviously weren’t watching who they ‘hired’ to ‘clean them out’ during the night time while they were installing new safes. If that was my bank and $400 million mazumas, the computer administrator would be a good suspect and definitely would be on the unemployment line.
Why didn’t they install computer programs that can detect keyboard logging? So the reporter is bringing up employee background checks even if it’s just a dude cleaning the bank’s shit holes.
The thief could have just used a USB thumb drive, scan disk or a keyboard logging memory spot for information storage. ‘Memory Spots’ could be embedded inside a business card’s self-adhesive dots with a fake shell company’s name on it.
Smaller than a grain of rice, the little built-in antenna with chip could be programmed to capture keyboard logs or more via wireless LAN signals from inside the bank. The private information from the bank’s biggest clientele being diligently recorded by the surreptitiously placed memory spots in the ink on the business card.
A janitor could walk in a few days later with a music cell phone, taps a button and at 15 megabits per second, faster than Bluetooth wireless technology, the stolen illicit data that was needed was uploaded in mere moments from the card placed a few days prior and he just simply throws away the evidence and retires somewhere in Hawaii.
Besides that, from what I’ve read banks probably will use memory spots to help protect their clientele’s money in the future. So possibly things banks look into with employees they don’t share to the public.
view from within
believe me there is a TON of scrutiny on this subject and the most obvious solution is to not let employees have any access to customer data. Makes life miserable for us doing testing and resolving production problems but that is the cost of security.
I work at a bank, and I will be the first to share how easy it would be to steal quite a load of cash. Not only am I trusted with close to a million in cash daily, I am also able to make cashiers checks at will. The main thing banks can do to protect themselves is an extensive background check before hiring new employees. I recently researched the possible uses of biometrics at my bank, and I am convinced that this science offers a viable solution to many internal problems. Internal bank security will always be a problem; preparation is the bank’s main defence.