Episode 2 - Perspective from a real life former Anti-Corruption Police Officer
The programme follows the exploits of AC-12, a fictitious covert police unit, charged with investigating police corruption at the highest levels.
Last week we had an ambush, three dead police officers, another left wounded and the theft of a large amount of heroin.
The 2nd episode didn’t disappoint!
Managing corruption and the insider threat is one of the most difficult and time-consuming issues for police to deal with. This week, several real-life issues and challenges were highlighted. Blurring the lines again between what is fact or fiction in this gritty drama.
There are a few things that stood out for me this episode which have direct parallels with organisations I talk to and work with today:
The AC12 boss, Superintendent Ted Hastings complained that his department were not informed of an anti-corruption investigation going on. Even though it was his unit that had responsibility for all such operations.
All organisations, regardless of whether they are the police or civilian, have teams and business units with their own remit and agendas, and which operate without the knowledge of what other parts of the organisation are doing. This is quite normal.
The one place where this shouldn’t happen however is in governance and compliance matters. The insider risk cannot be managed when an organisation doesn’t talk and communicate between itself. There should always be oversight. One unit or body of people with knowledge of what is going on in the organisation. That body should have the ability to assess organisational risk in full knowledge of all the facts.
A statement was made in one scene that could not have been truer. It went along the lines of
“You will only find corruption if you look for it”.
Corruption and the insider risk cannot be ignored and if you don’t keep a watching eye on the problem, it will become endemic and all pervasive.
This episode saw what is called in the police, “Noble Cause Corruption”– Corruption being excused because it leads to a greater good. This might be justifiable under certain circumstances by some. So that, for example, a known criminal is at least convicted of something, lest he escape “scot-free”.
This attitude of – my wrongdoing isn’t as bad as theirs – can be seen in the business world too. When an employee decides that the project that they have worked on whilst in the employ of their company belongs more to them than it does the company themselves.
Or, because of bullying, unfair treatment or some other perceived wrong. That employee decides to leak sensitive information to those who shouldn’t have it. And they attempt to justify this release of information by saying that its “Not really wrong”, or its not as bad as the other persons wrong?
How do you deal with this? - By having acceptable behaviour policies, standards and ethics. Ethics enshrined within employee contracts and entrenched within the organisational culture.
Policy, discipline and culture combined will define how wrongdoing and corruption is viewed.
The Insider Threat
This episode also revealed that the officers killed, and the one officer spared in the first episode, were all corrupt. They were directly involved in the theft of the drugs and were shot in order to protect and cover the tracks of the crime bosses.
All were vulnerable to corruption because of the secrets and lies in their personal lives.
The woman police officer “spared” was having an affair and another, was a regular user of prostitutes.
Corrupt colleagues and criminals were able to use these sordid secrets to blackmail the officers into aiding and abetting in the theft of the heroin.
This is exactly how nation states, criminal organisations and competitors steal company sensitive information and intellectual property from private firms and government organisations.
Managing the “Insider Threat”, Cyber Security can only be done by managing risk holistically, across the business and it cannot be done piecemeal.
ESID Consulting are the experts in dealing with these threats.
Call us now if you would like to talk more about how to manage your insider risk and cyber security vulnerabilities. If you would like our help to do so. Or if you have any questions at all.
Web www.esid.co.uk Email firstname.lastname@example.org Tel +44 (0) 844 3582362
Gary is CEO and Founder of ESID Consulting. An Insider Threat & Information Security consultancy.