High-impact cases of cyber crime affect organizations that were fully compliant with their respective
regulatory frameworks. Organizations can become blinded by compliance to
the point where they have a false sense of assurance about managing
people-related risk.
People risk is defined as counter-productive behaviour, from inadvertent to malicious, and can range from oversight and corner-cutting – such as sharing passwords or propping open doors – to opportunistic behaviour including theft, fraud and sabotage.

A recent example of the potential damage that people risk can cause is when an investment bank suffered significant losses through a single broker’s late-night trading. While the bank was compliant in identifying individual anomalies, its lack of a holistic approach led to it losing £6m. The broker took Monday off work (an operational state anomaly) and by the evening had made his first batch of unauthorized trades (role, authorization and operational anomalies). He notched up thousands of trades worth a total of $520m (£345m). He bought a net 7.13 million barrels of oil during the typically quiet overnight period (a time anomaly). His actions sent prices surging (price/market anomaly) by more than $1.50 to $73.50 for a barrel of Brent crude oil – the highest for eight months (another time anomaly). The deals potentially cost companies worldwide more than $100m. By taking a holistic approach to people risk management, the bank could have avoided this loss.

In September, Holistic Management of Employee Risk (HoMER) was published by the UK’s Centre for the Protection of National Infrastructure (CPNI) and PA Consulting Group. HoMER recommends a series of key steps for organizations to manage people risk effectively. How effectively can these cyber crime mitigation tactics for business be applied to consumers shopping online this Christmas season? Share your comments with the Cloud and Cyber Security Center.