Intelligent CISO Issue 16 - Page 64

and suitability for the role plus legal factors such as criminal records and Disclosure and Barring Service (DBS) checks. However, with the wealth of data available on individuals, we’re now seeing wider due diligence checks on the employee’s digital footprint in social media and Internet presence to identify red flags that could cause a problem for the organisation’s security and reputation. This is a sensible precaution, but it doesn’t always give the whole picture. A prospective employee’s presence on illicit online communities – such as deep and dark web (DDW) forums and marketplaces, chat services platforms and other sites frequented by threat actors – is unlikely to be picked up in general screening. Those using these types of communities want to exist below the radar, yet these 64 individuals are the ones likely to pose a threat to businesses. For example, Flashpoint analysts observing a DDW forum uncovered links between a prospective employee of a Fortune 500 retailer and a threat actor with a history of recruiting insiders to steal corporate data. Once alerted, the retailer was able to halt the individual’s employment application and apply intelligence-led countermeasures to reinforce security of sensitive data which was specifically being targeted. Without that intelligence from the DDW forum, the retailer would have unwittingly weakened its risk posture. DDW access and the understanding of illicit communities, however, is not something that most HR professionals have. Business risk intelligence can close the gap and enhance the ITP with specialists who have visibility into the DDW and other Even if an employee is low risk when they join a company, that doesn’t mean they will stay that way. illicit online communities where insider threat activity is planned and agents are recruited. 2. During employment: Monitor for disgruntled or compromised employees Even if an employee is low risk when they join a company, that doesn’t mean they will stay that way. The Internet is Issue 16 | www.intelligentciso.com