Intentional Misuse of Privilege: Lessons from Jérôme Kerviel
A multi-billion dollar fraud from 2008 has resurfaced in the news after a Paris court ordered Jérôme Kerviel, who engaged in over 1,000 fraudulent transactions, to pay the full $6.7 billion in restitution for his risky trades and serve three years in prison.
Forbes took its shot at what the events could teach us, and raised the compelling point that everyone is curious about: why is 100% of the blame being put on Jérôme?
Here at BeyondTrust, we don't know if the bank did indeed support Jérôme's risky trades, which were initially profitable. What we do know is that IT professionals have skills that are both useful and dangerous.
Kerviel came to Société Générale as a trader after being an IT worker at SocGen. ComputerWorld reports he used these skills to easily bypass the IT and process controls the bank put in place to detect fraudulent transactions. ComputerWorld's 5 Reasons SocGen did not detect the fraud from 2008 might as well.
I think the single takeaway the news should remind us of is that IT skills that are both dangerous and useful can be found anywhere. Protecting the enterprise from those with the motive and expertise isn't just a matter of mission-critical servers. The mindset that there will be those with access who have IT skills should be incorporated into security in everything we do.