How To
How to Stop a Thief by Thinking Like a Thief
Connie Veates, assistant VP of corporate security and business continuity at BellSouth, developed a comprehensive antifraud program. The cornerstone of that program is the team's ability to think like a thief.
By CSO Contributor
This is why, when fraud's discovered, you often hear victims saying, "He's the last person I'd have
suspected." That's how he got away with it!
Trust your instincts
While you must stifle the natural tendency to generalize about who commits fraud, you should
definitely trust your gut when it comes to sensing fraud might be taking place. Veates encourages all
employees to report it when they have that "something's just not right" vibe. And her subject matter
experts have developed keen senses of smell for something fishy, too.
Hire young turks
Veates believes one of the best sources for thinking like a thief is our nation's youth. Young people
just out of college, often with a better working knowledge of technology than corporate managers, are
both skilled enough and energetic enough to want to suss out fraud techniques. "They have a specific
skill set, these just-out-of-college geeky guys who sit and play games and are intrigued with the
challenge," Veates says. "It's a like a video game to them. A safe way to have fun breaking the rules. We
let them loose and say, 'How would you steal from this system?'"
If you want to think like a thief, act like a thief
The best way to understand how thieves think is to become one yourself, Veates says. Game your
systems. Learn how to break into them, who's vulnerable to social engineering, where the weak spots in
the supply chain can be found. "We've developed a good reputation for this; we've done it for three
years now. Sometimes the business units know we're doing it, sometimes not. Sometimes, we just
game the systems when we're bored. Just break in and take the intelligence back to the business unit.
They see the fraud technique and say, 'Who thinks like this?' And we tell them, 'We do.'"
$firstKeyword
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- Managing A Growing Threat: An Executive's Guide to Web Application Security
- Upgrading to VMware vSphere with vWire
- Removing Barriers To Better Server Virtualization Efficiency
- Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle
- Staying A Step Ahead of the Hackers: The Importance of Identifying Critical Web Application Vulnerabilities
- The Forrester Wave™: Web Filtering, Q2 2009
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
