and suitability for the role plus legal
factors such as criminal records and
Disclosure and Barring Service (DBS)
checks. However, with the wealth of
data available on individuals, we’re now
seeing wider due diligence checks on
the employee’s digital footprint in social
media and Internet presence to identify
red flags that could cause a problem for
the organisation’s security and reputation.
This is a sensible precaution, but it
doesn’t always give the whole picture.
A prospective employee’s presence
on illicit online communities – such as
deep and dark web (DDW) forums and
marketplaces, chat services platforms
and other sites frequented by threat
actors – is unlikely to be picked up in
general screening.
Those using these types of communities
want to exist below the radar, yet these
64
individuals are the ones likely to pose
a threat to businesses. For example,
Flashpoint analysts observing a DDW
forum uncovered links between a
prospective employee of a Fortune 500
retailer and a threat actor with a history of
recruiting insiders to steal corporate data.
Once alerted, the retailer was able
to halt the individual’s employment
application and apply intelligence-led
countermeasures to reinforce security
of sensitive data which was specifically
being targeted. Without that intelligence
from the DDW forum, the retailer
would have unwittingly weakened its
risk posture. DDW access and the
understanding of illicit communities,
however, is not something that most
HR professionals have. Business risk
intelligence can close the gap and
enhance the ITP with specialists who
have visibility into the DDW and other
Even if an employee
is low risk when they
join a company, that
doesn’t mean they
will stay that way.
illicit online communities where insider
threat activity is planned and agents
are recruited.
2. During employment:
Monitor for disgruntled or
compromised employees
Even if an employee is low risk when
they join a company, that doesn’t mean
they will stay that way. The Internet is
Issue 16
|
www.intelligentciso.com