As more details on the Target data breach became apparent last week – making it increasingly likely that this will become the largest data breach of all time – speculation as to how hackers stole personal details of up to 100 million+ customers is beginning to grow.
One deduction that leapt to my attention came from an interview with Avivah Litan, a fraud analyst with IT firm Gartner.
Litan suggested that the new batch of stolen identity information – from up to 70 million additional Target customers – was likely accessed with the help of an insider at Target.
This rang a strong bell with me.
As a former employee infidelity underwriter, I spent more than a decade scrutinising the behaviors of financial institutions' employees to try to discern which ones were the fraudsters, or whether the bank had adequate policies and procedures in place to prevent the corrupt employee from stealing from them.
The conclusion I drew then – and I’m inclined to do the same now – is that there are certainly best practices a corporation can follow to detect and frustrate a fraudulent employee in their endeavors, but they are never completely fail-safe.
I don’t want to over-simplify the situation, or be accused of seeking out the worst traits of human nature… It is not only a malicious employee or contractor who can be the source of a data breach – there is a huge element of simple human error/negligence/stupidity coming into play as well.
However, from experience, some human beings are just too susceptible to coercion from criminal gangs, or to the lure of the Big Bucks…
And you can bet your house that once committed, they’ll find a way through any systems a corporation puts in place.
All companies have them – and most employers love them… the ‘steady Eddy’ worker who arrives early, leaves late, doesn’t spend hours gossiping at the water cooler and doesn’t take lengthy time off work.
As the Target case may well prove once more, it’s that quiet, trusted employee or contractor – the one that is begging to ‘blend into the furniture’ – that you really need to pay attention to.