Criminal gangs are placing staff members in companies to operate as moles.
In a podcast interview, Peter Wood, member of the ISACA Conference Committee and founder of First Base Technologies, claimed that the activity of placing moles is becoming common.
Wood explained that a colleague walked unchallenged into an insurance company and were able to steal all their data as part of a security exercise. He said: “Some people in the banking community have quietly and anonymously said to me over the last year that they have found employees who have been placed in their company by criminal gangs and they have been operating as moles over that period.
“I think there is a huge gulf between the technical controls that firms put in place and the human and HR control and the physical premises control. There is little or no communication between the three areas and it's through those gaps that criminals can walk unchallenged.”
Wood claimed that companies make the mistake of storing sensitive and confidential data in one place which makes it very easy for criminals to steal data.
He said: “Intellectual property or large credit card data bases are probably the primary targets and someone told me, a Japanese company in fact, that they could store all their key data, all their intellectual property and the stuff that really differentiates them on a thumb drive, as a result one hit there is more than adequate to give the criminal what they want.
“The physical attack is sometimes the easiest and probably the way of the future for a lot of criminal gangs, you don't have to be onsite, remote control attacks through email phishing, spear phishing, email attached Trojans or even web drive-by attacks are increasing in popularity and someone receiving an email that directs them to a site that appears innocent and then quickly installs something on their PC is just as vulnerable.
“If people are given some baseline education as to how to look for criminal activity then they can be the greatest asset any organization could possibly deploy.”