The Threat Isn’t Always On The Outside

Everyone is familiar with the individual they knew and grew up with, or lived next to for years and years. The person that retrieved their news paper from the tree, helped them carry the groceries from the car to the kitchen, or always played with their dog and offered to take him for a walk. It always comes as a complete surprise when the same individual is in the nightly news for fraud, embezzlement or other heinous charges.

It’s time to accept the fact that fraud is going to rise. Identity theft and other breaches of data is a daily ritual now, with the increasing amount of personal and professional data, online forms, online purchases and e-shopping, and other related services that accept, store, and retrieve our information. Plus the number of users that continue to grow. We also automatically believe the growing threats are external, which they are, but we never stop to consider the interior circumstances of theft. Insider theft is just as common now. An individual steals from the company, siphoning funds for months on end before an auditor or other personnel accidentally discovers the situation. Or small teams run coordinated efforts of theft, with an inside person funneling the critical finances or information to their exterior cohorts.

Why do we miss the insider threat who performs right under our noses, smiling the entire time? The signs are there. We grant access without controls to the disgruntled employee or contractor who devises a way to commit the crime and seemingly hide their tracks. Or the insider relative who adds the exterior relative to the records as someone who is supposed to receive legal funds, then later split the ill-gotten gains. Or the many illegal schemes in the insurance field.

Better separation of control observations and access of data is one method that has to be in place. Awareness of activities is another. Mindlessly clicking on spam and junk emails, jokes and riddles sent and passed around internally, unaware of the malicious payload attached that invariably commits phishing, or installs a keylogger, or opens a backdoor for a hacker to later gain entry. What happens when insidious software is installed in a browser, and the unsuspecting individual performs their usual online banking actions, only to have the Trojan software transmit transfers of funds and payments, without the customer’s knowledge? By the time the bank statement arrives, displaying the missing funds, it is far too late to retrieve the finances.

These are some of the many reasons for employees to attend a CISSP boot camp, or at the very least, there should be a CISSP certified expert and professional information security specialist on site to oversee and audit security measures, and insure the proper policies and compliances are in place and followed without excuse or disregard. All of the above can be detected, as there is always a trail of evidence. The problem is awareness and detecting the incidents before them manifest themselves.

A CISSP trained professional is able to collect the information, analyze and put together the cause and effect, and mitigate the risk. Training courses in information security are available from K Alliance and should become a part of every organization’s arsenal. The utilities and training is available to all enterprises, great and small. The question is, will companies and businesses become aware and employ them?

About Us: Training Click is a leading solutions provider of e-learning products and online training courses. With a continuing stable of IT bootcamps, IT certification training, desktop training and CBT training courses, Training Click has the solution to your training needs. CISSP certification training is available to provide a timely solution to security threats and intrusions that may arise from many areas, internal, external, and physical. Utilize the family of Training Click products and realize how you may enhance the entire productivity of your organization.