Mafia insiders infiltrating firms, U.K. cops warn: A member of the new UK SOCA says "(Organized crime) has changed. You still have traditional organized crime, but now they have learned to compromise employees and contractors. (They are) new-age, maybe have computer degrees and are enterprising themselves. They have a wide circle of associates and new structures."
It would make sense that Organized Crime would target insiders in key positions or with access to information that Organized Crime can make money from. They could use bribery, threats of harm (or harm to friends or family members), or honeytrap/blackmail schemes.
So, what should be done to minimize these threats?
- Background checks for key people at time of hire and periodically afterwards looking for behavior changes
- Have an anonymous security/crime tips line for employees to rat out fellow employees (sounds cruel, but has much power as a reminder not to bad things)
- Reduce access to systems/applications to those that really needed it, and with just the min rights they need
- Periodically sweep for electronic listing devices
Update: I left off the obvious…harden internals infrastructure and applications.
Posted in Information Security
RSS
