http://www2.csoonline.com/exclusives/column.html?ID=14346 [InfoSec News hoped to have recieved a review copy of "The Insider" from the publisher, but the author, Dan Verton "wasn't willing to incur the expense for email lists whose members have already read multiple reviews in various publications that they all get." So here's is an excerpt of an excerpt, of what I've seen of "The Insider" online. - WK] -=- The infamous outlaw Jesse James likely spins in his grave each time somebody utters the following statistic: bank robberies are actually on the decline, with banks reporting only $70 million in losses in 2001 from robberies and average losses from those robberies totaling less than $5,000 per incident between 1996 and 2001. The decline of traditional-style bank robberies is a direct result of improvements in technology and the application of those technologies to the new banking environment. Today, banks are open, airy places, well-lighted and equipped with silent alarms, networked surveillance cameras, tainted "bait money" that enables law enforcement officers to track the thieves that manage to get away, and a massive electronic infrastructure that no longer requires bank tellers to have access to large stores of cash to conduct financial transactions. But have bank robberies really declined in recent years? The answer to that question really depends on how you define bank robbery. In the modern age of electronic banking, Internet technologies have transformed the banking experience to such a significant degree that the concept of bank robbery can no longer be defined as its traditional form. Today, the traditional bank robbery, in which an armed robber physically enters a bank to carry out a "a stick-up," has been replaced by a growing multitude of fraud schemes, including check fraud, credit card fraud, automated clearing house (ACH) fraud, Internet commerce fraud, phishing scams, loan fraud, securities fraud, embezzlement, and identity theft. The modern American bank has recognized the security risks associated with the new electronic frontier and, as a result, has deployed all the state-of-the-art electronic security devices that one would expect to find in a security conscious enterprise - firewalls, intrusion detection devices, password management systems, and powerful encryption technologies. Yet banks and financial institutions continue to lose millions of dollars every year to trusted insiders who understand where the weaknesses are in the system. In fact, insiders accounted for approximately 70%, or $2.4 billion, of the $3.4 billion that banks lost as a result of both internal and external fraud and hacker incidents in 2004. During the previous year, 24% of all FBI investigations and eventual convictions were related to insider fraud. In 2003, the FBI investigated nearly 7,300 cases of insider fraud in the banking and finance sector. Those investigations led to 2,397 convictions or pretrial diversions, leaving a whopping two-thirds of all reported cases unsolved.81 The FBI has also been tracking so-called "problem institutions" throughout the banking and finance industry. These organizations are defined as having "financial, operational or managerial weaknesses" that threaten their continued viability. [...] _________________________________________ Earn your Master's degree in Information Security ONLINE www.msia.norwich.edu/csi Study IA management practices and the latest infosec issues. Norwich University is an NSA Center of Excellence.
This archive was generated by hypermail 2.1.3 : Mon Nov 14 2005 - 22:52:06 PST