http://www2.csoonline.com/exclusives/column.html?ID=14346
[InfoSec News hoped to have recieved a review copy of "The Insider"
from the publisher, but the author, Dan Verton "wasn't willing to
incur the expense for email lists whose members have already read
multiple reviews in various publications that they all get."
So here's is an excerpt of an excerpt, of what I've seen of
"The Insider" online. - WK]
-=-
The infamous outlaw Jesse James likely spins in his grave each time
somebody utters the following statistic: bank robberies are actually
on the decline, with banks reporting only $70 million in losses in
2001 from robberies and average losses from those robberies totaling
less than $5,000 per incident between 1996 and 2001. The decline of
traditional-style bank robberies is a direct result of improvements in
technology and the application of those technologies to the new
banking environment. Today, banks are open, airy places, well-lighted
and equipped with silent alarms, networked surveillance cameras,
tainted "bait money" that enables law enforcement officers to track
the thieves that manage to get away, and a massive electronic
infrastructure that no longer requires bank tellers to have access to
large stores of cash to conduct financial transactions.
But have bank robberies really declined in recent years? The answer to
that question really depends on how you define bank robbery. In the
modern age of electronic banking, Internet technologies have
transformed the banking experience to such a significant degree that
the concept of bank robbery can no longer be defined as its
traditional form. Today, the traditional bank robbery, in which an
armed robber physically enters a bank to carry out a "a stick-up," has
been replaced by a growing multitude of fraud schemes, including check
fraud, credit card fraud, automated clearing house (ACH) fraud,
Internet commerce fraud, phishing scams, loan fraud, securities fraud,
embezzlement, and identity theft.
The modern American bank has recognized the security risks associated
with the new electronic frontier and, as a result, has deployed all
the state-of-the-art electronic security devices that one would expect
to find in a security conscious enterprise - firewalls, intrusion
detection devices, password management systems, and powerful
encryption technologies. Yet banks and financial institutions continue
to lose millions of dollars every year to trusted insiders who
understand where the weaknesses are in the system.
In fact, insiders accounted for approximately 70%, or $2.4 billion, of
the $3.4 billion that banks lost as a result of both internal and
external fraud and hacker incidents in 2004. During the previous year,
24% of all FBI investigations and eventual convictions were related to
insider fraud. In 2003, the FBI investigated nearly 7,300 cases of
insider fraud in the banking and finance sector. Those investigations
led to 2,397 convictions or pretrial diversions, leaving a whopping
two-thirds of all reported cases unsolved.81
The FBI has also been tracking so-called "problem institutions"
throughout the banking and finance industry. These organizations are
defined as having "financial, operational or managerial weaknesses"
that threaten their continued viability.
[...]
_________________________________________
Earn your Master's degree in Information Security ONLINE
www.msia.norwich.edu/csi
Study IA management practices and the latest infosec issues.
Norwich University is an NSA Center of Excellence.
