Our first thoughts of spies may well be people driven by political ideology, international espionage and the like but, whilst this still persists today, the spy threat most likely to have significant impact is commercial, industrial and, above all, targeted at businesses.
The Washington Spy Museum talks of the difference between Cover and Legend. For businesses it’s somewhat different: from outside or within. When we think first of activists we think perhaps of hackers but now the lines between commercial/industrial and political seems to be blurring: was the Panama leak political or commercial? Was it about exposing legal, but questionable perhaps, practices or was it about exposing individuals of influence?
Despite high profile cases like Panama most of the threats to companies come from within. The leakage of 130,000 HSBC accounts in 2006/7 was by a Computer Technician. The impact on Ashely Maddison that lost the CEO his job was “…definitely a person here that was not an employee.” – Noel Biderman
In 2013 Vodafone had to inform 2 million customers was a “….high criminal intent and insider knowledge and was launched deep inside the IT infrastructure of the company”.
The Threat from Within is very real. It can cost executive jobs, it can affect people far and wide and it can damage reputations for years to come. Managing the threat from within is typically seen as a function of the CIO but where contingent labour is concerned what role does security and background checking have on the individual?
In 2013 the hack into Target lost the CEO and CIO their jobs and, though the hack was from outside and got the credit card numbers of 40 million people the key to the hack was from inside – a refrigeration vendor.
If your CIO is not insisting on robust screening of an ever increasing number of people passing through the company it may affect much more than you think. If the HR department is not providing background checks and undertaking proper screening as part of their selection and on-boarding process it could open the door to letting the wrong people in. If managers approving contingent labour have not asked for appropriate checks or perhaps don’t see the results of the checks then who ultimately is to blame when it goes wrong?
Data leaks, for whatever reason, are growing but have always been a threat. It will amaze you just how many and who: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/