
411 points gpi | 1 comments
blindriver No.43996627
There should be an ISO standard with respect to how much power and information front-line customer support agents have. Anything that needs more information or power, like changing passwords or accessing personal information, should get forwarded to higher-level customer support agents with better training and more monitoring. This way you can design the customer support experience with as little exposure to security issues as possible.
replies(3): >>43996724 >>43997870 >>43997978
whyever No.43996724
The main defense against internal attacks is bookkeeping. Banks have been dealing with this for thousands of years. I recommend the corresponding chapter in Security Engineering by Ross Anderson: https://www.cl.cam.ac.uk/archive/rja14/Papers/SEv3-ch12.pdf
replies(1): >>44001414
SoftTalker No.44001414
Bookkeeping will alert you to employees stealing your money. It won't alert you to employees selling information.
replies(1): >>44020619
whyever No.44020619
Access logs do help with this. They have been successfully used by the police to identify rogue officers abusing their access to police databases.
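As an added example that is not part of the thread or of Anderson's book, the script below shows what an access log lets you do about an insider who reads records rather than moves money. It parses constructed customer-record lookup events in an assumed line format, flags every lookup that is not tied to a ticket both assigned to the acting agent and about the customer looked up (the "why did you open that record?" check), and separately picks out agents whose lookup volume is an outlier against their peers using the modified z-score over the median absolute deviation. The log format, the ticket table, the sample agents and the function names are all assumptions made for this example.

```python
"""Insider-abuse checks over customer-record access logs.

Added example, not code from the thread. Assumed (constructed) log line format:
    <ISO timestamp> <agent> LOOKUP <customer_id> ticket=<ticket_id|->
and an assumed ticket table mapping ticket id -> (assigned agent, customer).
"""
import re
from collections import Counter
from statistics import median

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<agent>\S+) LOOKUP (?P<customer>\S+) ticket=(?P<ticket>\S+)$"
)

# Constructed ticket table: which agent owns which case, and whose record it concerns.
TICKETS = {
    "TCK-500": ("alice", "CUST-1001"),
    "TCK-501": ("alice", "CUST-1002"),
    "TCK-502": ("bob", "CUST-2001"),
    "TCK-503": ("carol", "CUST-3001"),
    "TCK-504": ("bob", "CUST-2002"),
}

# Constructed sample log. alice uses her own ticket to open an unrelated customer,
# bob opens a record under alice's ticket, and dave bulk-reads records with no ticket.
SAMPLE_LOG = """\
2024-05-01T09:02:11Z alice LOOKUP CUST-1001 ticket=TCK-500
2024-05-01T09:05:40Z alice LOOKUP CUST-1002 ticket=TCK-501
2024-05-01T09:06:02Z bob LOOKUP CUST-2001 ticket=TCK-502
2024-05-01T09:10:19Z carol LOOKUP CUST-3001 ticket=TCK-503
2024-05-01T09:11:00Z bob LOOKUP CUST-2002 ticket=TCK-504
2024-05-01T09:12:30Z bob LOOKUP CUST-1001 ticket=TCK-500
2024-05-01T09:12:55Z alice LOOKUP CUST-5555 ticket=TCK-500
2024-05-01T09:13:07Z dave LOOKUP CUST-9001 ticket=-
2024-05-01T09:13:09Z dave LOOKUP CUST-9002 ticket=-
2024-05-01T09:13:11Z dave LOOKUP CUST-9003 ticket=-
2024-05-01T09:13:14Z dave LOOKUP CUST-9004 ticket=-
2024-05-01T09:13:16Z dave LOOKUP CUST-9005 ticket=-
2024-05-01T09:13:18Z dave LOOKUP CUST-9006 ticket=-
2024-05-01T09:13:20Z dave LOOKUP CUST-9007 ticket=-
2024-05-01T09:13:22Z dave LOOKUP CUST-9008 ticket=-
2024-05-01T09:13:24Z dave LOOKUP CUST-9009 ticket=-
"""


def parse_log(text):
    """Turn raw log text into a list of event dicts; a ticket of '-' becomes None."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable log line: {line!r}")
        ev = m.groupdict()
        if ev["ticket"] == "-":
            ev["ticket"] = None
        events.append(ev)
    return events


def unjustified_lookups(events, tickets):
    """Return (event, reason) for every lookup that no ticket of this agent,
    about this customer, explains. This is the business-justification check."""
    findings = []
    for ev in events:
        t = ev["ticket"]
        if t is None:
            findings.append((ev, "no ticket"))
            continue
        owner = tickets.get(t)
        if owner is None:
            findings.append((ev, "unknown ticket"))
        elif owner[0] != ev["agent"]:
            findings.append((ev, "ticket assigned to another agent"))
        elif owner[1] != ev["customer"]:
            findings.append((ev, "ticket is about a different customer"))
    return findings


def volume_outliers(events, threshold=3.5):
    """Agents whose lookup count is an outlier among peers.
    Uses the modified z-score (Iglewicz & Hoaglin): 0.6745 * (x - median) / MAD,
    falling back to the mean absolute deviation when MAD is zero."""
    counts = Counter(ev["agent"] for ev in events)
    values = list(counts.values())
    med = median(values)
    abs_dev = [abs(v - med) for v in values]
    mad = median(abs_dev)
    if mad == 0:
        mean_ad = sum(abs_dev) / len(abs_dev)
        if mean_ad == 0:
            return {}
        scale = 1.253314 * mean_ad
    else:
        scale = mad / 0.6745
    return {
        agent: (count, round((count - med) / scale, 2))
        for agent, count in counts.items()
        if (count - med) / scale > threshold
    }


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for ev, reason in unjustified_lookups(evs, TICKETS):
        print(f"{ev['ts']} {ev['agent']} -> {ev['customer']}: {reason}")
    for agent, (count, z) in volume_outliers(evs).items():
        print(f"volume outlier: {agent} ({count} lookups, modified z={z})")
```

The justification check is the one that actually catches the quiet seller: one unexplained record open per week never trips a volume threshold, but it still has no ticket behind it. The volume check only catches bulk scraping, and with only four agents in the constructed sample its baseline is thin; in practice you would compare each agent against their own history and their team's, not a single day's peers.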