Spear phish your boss to win more security cash Despite weekly news of successful and nasty online attacks damaging organisations of every stripe, executive types remain blasé about security and don't pay it enough attention, says Jason Clark, chief security officer at Websense, who recommends fighting back by phishing CEOs and board members. Clark's suggested attacks are …
Only if they find out >:-)
I agree with this story. All too often the MBA graduate is actually a self-important moron actually dragging things down by his/her own dead weight of 'knowledge' (cue: theme music for market implosion and recession). Shaking up their self-imposed perfection layer is sometimes a requirement for keeping everyone's fat out of the fire.
Those self-important morons are quite likely to use you as a shield when someone higher up in the food chain decides to kick some ass.
I have always felt the best way to rid an organization of damagement is to give them (damagement) all of the rope they need, and let them hang themselves. It is much cleaner that way.
Or interview without coffee could be the result.
What the bosses need is to nearly experience it, ie one of their golfing partners getting hooked. But would a captain of industry cough to that experience or keep close-mouthed to avoid loss of face
You need a firm that's already on board to the idea to be prepared to allow a fake attack on its middle management and publicize the results.
>>Jason Clark, chief security officer at Websense, who recommends fighting back by phishing CEOs and board members<<
Perhaps someone should spear phish the CEO and other board members at Websense and make sure that they knew this behaviour had been recommended by their chief security officer; I wonder how they would react?
Nothing new about this - covert penetration testing as an object lesson has been going on for years. Even IBM have been had over. The companies that do it used to be known as "tiger teams". Maybe they still are.
But I've always thought - Can you imagine this sort of thing as a sales pitch from a company that provides personal security? Maybe kidnap some executive's wife and send her finger to him in a box?
"Now if this had been a real kidnapping, it's at about this point that you would have received a ransom note for millions of pounds. So you see, you really can't afford to be without us..."
Not sure how that would work...
"Now, if this had been a real Burglary, at this point we would have told you to write down this Crime Reference number and give it to your insurance company, and the last you would hear from us."
"Oh, no, we don't have to pay for doors we break down. All part of being in the service"
Where I used to work one of the exec’s used to get into her car, start the engine, leave it running so the car will be warm on her drive home, and then disappear into the office for a few minutes to do god knows what, leaving her laptop and papers on the passenger seat.
I used to be outside having a smoke with a guy in another team, we noticed her doing this for a few months until an idea formed, while I kept a look out he got in her car and moved it so it was now parked in a different spot 10 meters further away and facing the opposite direction.
Needless to say the look on her face was priceless, and from then on she stopped doing it, hopefully she learnt the lesson, but there is no way we would admit who did it.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
