18 February 2006

Predictive Profiling: The Human Firewall...

In Harrison Ford's new movie Firewall, the viewer is entertained with a combination of a Seattle bank heist, a kidnapping and good old-fashioned Hollywood chase and fight scenes. There is even a degree of deception and conspiracy mixed in to spice up the story line. The plot is full of social engineering lessons, and even those with little knowledge of high technology can learn a thing or two.

While the actual high technology bank heist turns out to be nothing more than a simple theft of account numbers and a transfer of $10,000 from 10,000 high net worth customers, the movie title is a ploy. Only one short sequence gives any attention to the fact that the bank is being attacked on a daily basis from locations on the other side of the globe. Those attackers, using new and increasingly sophisticated strategies, consistently give financial institutions new challenges in securing their real assets: binary code.

In early 2005, a criminal gang with advanced hacking skills tried to steal GBP 220 million (USD 421 million) from the London offices of the Japanese banking group Sumitomo and transfer the funds to 10 bank accounts around the world. Intelligence on the attempted theft via key logging software installed on the bank's computers has been circulating in security circles since late last year, after police warned financial institutions to be on the alert for criminals using Trojan Horse technology that can record every keystroke made on a computer.

In this case, and even in the movie, the involvement of an "insider" is a 99.9% chance. A person has been bribed, threatened or spoofed in order for the actual fraud or heist to occur. The people who work inside the institution are far more likely to be the real source of your crime than the skilled hacker using key logging software. More and more, the real way to mitigate these potential risks is through behavior profiles and analysis.

The human element, which relates to awareness, can't be ignored any longer. And this can only be changed through education, training, and testing of employees. An organization that procures technology worth millions is naive if it doesn't invest in educating its employees to make the investment worthwhile. Sometimes the human element stands alone. Awareness, detection and determination of threat, deployment, taking action, and alertness are key ingredients for security. Predictive Profiling comes into play as organizations recognize that detecting threats starts long before the firewall is compromised, falsified accounts are established and bribes are taken.

The Israeli airline El Al has known for a long time the power of humans as a force in security. An empowered, trained and aware group of people will contribute to the layered framework as a force multiplier that is unequalled by any technology investment. Firewall, the movie, was a wake-up call for those institutions that still have not given their employees more of the skills and tools for detecting human threats long before any real losses occur.
