Seems like the world is full of rogues these days. No longer are we surprised when we hear of yet another company employee who has run amok, often under the supposedly not so watchful eye of the IT department.
The latest and most notorious, of course, is Jerome Kerviel, the trader who allegedly racked up $7.1 billion in losses for French bank Societe Generale. Pity the poor SocGen CIO who awoke to this bit of news on the clock-radio. How’s your day going so far?
Whenever there’s a high-profile corporate security breach, it’s a good bet that to one degree or another, IT will carry the can, whether it deserves to or not. The SocGen incident is no exception. In a Financial Times interview, Bank of France governor Christian Noyer pointed to an accumulation of “small mistakes” in internal controls as the probable cause of the financial disaster. “It clearly shows the need to have… even more rigorous controls on the resilience of computer systems to fraudulent penetration,” he said.
If the SocGen incident teaches us anything about the phenomenon of rogue employees, it is that these individuals will go to extraordinary lengths to circumvent security measures. Kerviel is reported to have used various passwords and accounts, breached five levels of controls, and forged documents and emails in order to carry out his unauthorized trades and cover his tracks. That’s dedication!
And that’s something that IT executives should take note of when reviewing security policy – just how foolproof are your safeguards in the face of a cunning employee bent on breaching them, with the aid of colossal nerve, limitless guile and single-minded determination?
Of course there’s only a slim chance you’ll encounter a rogue of this calibre. But preparing for anything less is a calculated risk. And if the calculation doesn’t work out in your favour, your next career move could be flipping burgers at McDonald’s.
And one last thing to keep in mind. The guy who perpetrated the biggest fraud in banking history wasn’t even a techie.