A Chilling Reminder Of The Internal Security Threat
Written by Evan SchumanIt’s one of the oldest pieces of security guidance: The biggest threats are always from a company’s employees, not from intruders. But popular perception has never supported this truth because outside intrusions are comparatively highly publicized while internal threats are generally dealt with secretly, with a termination and an offer to avoid prosecution if the thief remains silent.
But T-Mobile this month reminded us of how serious an internal threat can be. In what U.K. authorities are dubbing one of the biggest data breaches in that country’s history, a resourceful (although ethically challenged) T-Mobile employee is accused of taking millions of pieces of customer data and selling it to company rivals. This situation is the subject of StorefrontBacktalk’s security column this week on the new McAfee security blog.
-Marc
December 3rd, 2009 at 2:16 pm
I have read reports that the annual costs for internal fraud far exceeds the costs for external fraud yet for some reason, internal fraud does not get much press. Go figure.
December 3rd, 2009 at 3:38 pm
No mystery there. No company wants to admit to an internal assault. If handled properly, it can remain secret. No jail time, no fines. Just a termination and maybe restitution.
December 4th, 2009 at 1:22 am
The old (very very old, like pre-computerized systems old) rule of thumb in retail used to divide shortage into thirds. One third of shortage was external theft, such as shoplifters or con artists. One third was internal theft. And the last third of shortage was due to procedural or other errors, spoilage, damage, etc.
Clearly a systems-based internal theft these days could do a lot more than empty a few tills of their change funds. But how often is it really happening, and how will we ever know unless Loss Prevention departments start publishing their figures?