Criminal infiltration of financial institutions: a penetration test case study
Abstract
Purpose
The purpose of this paper is to discuss the findings of a security research project commissioned by a financial institution to identify security breaches that could facilitate illicit access to confidential information.
Design/methodology/approach
Using penetration and social engineering techniques to generate opportunities to steal confidential data, the project simulates a possible criminal attack.
Findings
The findings expose a vulnerability to attack by professional criminals or others prepared to use kidnap, blackmail and intimidation.
Social implications
They also raise challenging questions about reconciling the human rights of both employees and clients, and the needs and responsibilities of financial institutions as employers, service providers and custodians of confidential information.
Originality/value
The paper is unique as it tackles the phenomenon of social networking sites from the risk perspective of any employer that needs to safeguard its assets by managing internal threats and protecting against criminal infiltration.
Keywords
Citation
Hart, J. (2010), "Criminal infiltration of financial institutions: a penetration test case study", Journal of Money Laundering Control, Vol. 13 No. 1, pp. 55-65. https://doi.org/10.1108/13685201011010218
Publisher
:Emerald Group Publishing Limited
Copyright © 2010, Emerald Group Publishing Limited