
Spear phish your boss to win more security cash

Despite weekly news of successful and nasty online attacks damaging organisations of every stripe, executive types remain blasé about security and don't pay it enough attention, says Jason Clark, chief security officer at Websense, who recommends fighting back by phishing CEOs and board members. Clark's suggested attacks are …

COMMENTS

This topic is closed for new posts.

no thanks

I'd like to stay employed.

Also, do you think it would be funny if one of Webnonsense's engineers were to phish him?

9
0

Re: no thanks

Agreed, the person in charge could react in a way which limits your career within the company.

0
0
Anonymous Coward

Re: no thanks

Only if they find out >:-)

I agree with this story. All too often the MBA graduate is actually a self-important moron actually dragging things down by his/her own dead weight of 'knowledge' (cue: theme music for market implosion and recession). Shaking up their self-imposed perfection layer is sometimes a requirement for keeping everyone's fat out of the fire.

1
0

Re: no thanks

Generally, self-important morons do not appreciate when they are demonstrated to be self-important morons... I'm sure we could find some Dilbert strips to illustrate that principle :-)

0
0

RE: Re: no thanks

Agreed, the person in charge could react in a way which limits your career within the company industry.

FTFY

0
0

Re: no thanks...self-important morons

Those self-important morons are quite likely to use you as a shield when someone higher up in the food chain decides to kick some ass.

I have always felt the best way to rid an organization of damagement is to give them (damagement) all of the rope they need, and let them hang themselves. It is much cleaner that way.

0
0
Anonymous Coward

you'd have to know how the bosses would react

Or interview without coffee could be the result.

What the bosses need is to nearly experience it, i.e. one of their golfing partners getting hooked. But would a captain of industry cough to that experience or keep close-mouthed to avoid loss of face?

You need a firm that's already on board to the idea to be prepared to allow a fake attack on its middle management and publicize the results.

2
0

Really?

>>Jason Clark, chief security officer at Websense, who recommends fighting back by phishing CEOs and board members<<

Perhaps someone should spear phish the CEO and other board members at Websense and make sure that they knew this behaviour had been recommended by their chief security officer; I wonder how they would react?

1
0

Nothing new about this - covert penetration testing as an object lesson has been going on for years. Even IBM have been had over. The companies that do it used to be known as "tiger teams". Maybe they still are.

But I've always thought - Can you imagine this sort of thing as a sales pitch from a company that provides personal security? Maybe kidnap some executive's wife and send her finger to him in a box?

"Now if this had been a real kidnapping, it's at about this point that you would have received a ransom note for millions of pounds. So you see, you really can't afford to be without us..."

3
0

How irresponsible !!!

What a completely irresponsible thing to suggest, especially from someone in such an influential position.

Imagine how the public would react if the police decided to commit crimes themselves in order to increase government spending on the force...

2
0

Re: How irresponsible !!!

Not sure how that would work...

"Now, if this had been a real Burglary, at this point we would have told you to write down this Crime Reference number and give it to your insurance company, and the last you would hear from us."

"Oh, no, we don't have to pay for doors we break down. All part of being in the service"

1
0

Re: How irresponsible !!!

My understanding is the Police do this sometimes; they'll relocate unattended bags/bikes etc. to demonstrate people need to take more care.

0
0

never admit it

Where I used to work, one of the execs used to get into her car, start the engine, leave it running so the car would be warm on her drive home, and then disappear into the office for a few minutes to do god knows what, leaving her laptop and papers on the passenger seat.

I used to be outside having a smoke with a guy in another team. We noticed her doing this for a few months until an idea formed: while I kept a lookout, he got in her car and moved it so it was now parked in a different spot 10 meters further away and facing the opposite direction.

Needless to say, the look on her face was priceless, and from then on she stopped doing it. Hopefully she learnt the lesson, but there is no way we would admit who did it.

3
0

What was Jason on?

I'm a car mechanic, my boss won't buy me new equipment, but I've just loosened his wheel nuts to prove we need better tools!

Oh dear, how long before Websense's new owners assign Jason to a "special project"?

0
0

Reality Show

I think Websense is missing a trick. If they ran this as a Reality show, they could collect ad revenues and service fees. It would be really entertaining if they got John McAfee to host...

0
1