Pasta and Bank Thieves

If you happen to be in London attending the InfoSecurity conference and you happen to be staying in the Paddington area you can walk down Craven Road, turn on Craven Terrace and find yourself in front of the Taormina Ristorante Italiano. (named for a town in Sicily)

I found myself here this evening and ducked in to sample their dish called penne pasta al dolcelatte which I always thought of as pasta gorganzola. Of course I had to have reading material so I had picked up a copy of the Financial Times which is always an eye opening read. In the States we get pretty comfortable with our two party system. It is mind boggling to contemplate keeping track of all the different parties in all the different EU countries let alone the politics in Brussels!

So it appears that "gangs" are targeting bank employees on their way to and from work and recruiting them into their networks of identity theft. The article in FT says that local organizations are alerting banks in London to this threat and that close to $2,000,000 were lost to insider theft in 2004-2005.

These incidents highlight a lesson oft preached by folks in the security field. Regardless of the amount you invest in cyber security don't forget that thieves come from a non-technical legacy. Bribing, threatening, and extorting are historically much more succesful than targeted network attacks.

So: beef up your business practices. Ask yourself a simple question. "Does the security of this process depend on trusting people?" If so, put controls in place that alert those people that thier every action is monitored,alerted on, and recorded.

Oh, and the penne pasta? Delicious!