By Kristi Horton
The “Most Wonderful Time of the Year” is coming – and much sooner than many of us may be ready for! That’s right that holiday shopping season, white Christmas, chestnuts roasting on an open fire, sleigh bells, holly, evergreens, candles, lights, and – presents! Many retailers have begun the application process for seasonal staff for the holiday shopping season. Retailers, restaurants, event planners, airlines, and hotels will all see an increase in patronage, as will many theaters, concert halls, skating rinks, and even outdoor events like parades, tree lots, frozen ponds, and ski resorts, among others.
Of course, the increase in financial success, the spirit of giving, and general hustle and bustle will be also be enjoyed and abused by criminals seeking to give themselves a holiday treat. Over the coming weeks, our team at Gate 15 will be providing a series of articles for clients on some of the risks that increase over the holiday season relating to both physical and cyber threats and circumstances and will provide effective mitigation strategies for those issues. And, in the spirit of giving, we’re happy to share some of those considerations here as well!
Seasonal Staff. Temporary Staff Can Bring Long-Term Grief…
On the topic of seasonal staff, businesses can begin reducing their risk during the hiring process. Conduct criminal background checks where permitted and for those who will be handling money or other items of value perhaps a credit check as well. While past misdeeds may not disqualify a candidate from employment (after all some have served their time and wish to make a more productive contribution to society), it is helpful for employers to understand where candidates may experience pressure or temptation and the new manager can take that into account in assigning a role that lifts the pressure from that team member. While this may seem like an extremely controversial step, it is important to note that US businesses are losing $billions annually from employee theft and fraud. In fact, 1 in 30 retail employees are arrested for workplace theft.
The next place where employers can begin to reduce risk is in a thorough orientation. Often seasonal employees do not receive the same training on company mission, vision, policies, and are permitted to skip training on fraud detection, cyber security education and awareness, and training on emergency procedures. The rationale is that seasonal workers will be teamed with or managed by experienced employees who can advise them. Be sure that employees know how to report theft or other incidents and ensure their anonymity and safety where possible. The study found that more incidents were discovered as a result of employee reporting than other detection methods.
In several recent studies of court prosecutions involving employee theft, fraud or embezzlement, businesses lost up to $50 billion dollars annually. That staggering number alone should cause holiday employers to pay attention and implement strict inventory controls as well as cash-counting and handling procedures for cashiers or others who handle payments.
When taken together, two studies show that 25% of incidents are the result of solely insiders while another 25% result from solely external actors. That leaves 50% of incidents where insiders are exploited by external actors. Sometimes the insiders are witting participants, other times they are unwitting victims.
New Eyes May Not See New Issues
While employees account for major losses to businesses, they are also key sensors in physical and cyber space for external adversaries. As mentioned before – more theft, fraud and embezzlement schemes are detected because employees reported it. Employees are also the eyes and ears on the customer service websites, the shop floor, and at their computers. Experienced employees may notice when something about the computer performance, software behavior, or network latency changes. New and temporary employees may not develop this sensitivity as they are not there long enough to get a sense of “normal” in order to observe the abnormal.
Just as many businesses are gearing up for the holidays, so are criminal adversaries. Over the last few days a new botnet c2 infrastructure was discovered abusing vulnerable elasticsearch servers. The malware customers are using the botnet to collect and transfer payment card information using AlinaPoS and JackPoS malware families. While we are all beginning to consider the year’s end and a delightful holiday season, so are criminal adversaries who wish to take instead of giving. As the Commercial Facilities community prepares for the 2017 holiday season, the Gate 15 team will continue to feature various potential risks that organizations may need to prepare for.
Gate 15 provides intelligence and threat information to inform routine situational awareness, preparedness planning, and to penetrate the decision-making cycle to help inform time-sensitive decisions effecting operations, security, and resources. We provide clients with routine cyber and physical security products tailored to the individual client’s interests. Such products include relevant analysis, assessments, and mitigation strategies on a variety of topics.
This blog post was written by Kristi Horton, Gate 15’s Senior Risk Analyst for Cyber Intelligence and Analysis. Kristi provides expert threat and risk analysis for internal activities and client needs, where she is able to lend her expertise to support client preparedness requirements and specialized technical areas such as forensics investigations and legal support.