Page 15 - FOGlet 4
email traffic. Having seen that the victim was overseeing the renovation of a family property in the US, they waited until he was travelling and took advantage of the time difference to send convincing emails to his personal assistant asking her to pay a succession of contractor bills urgently. By deleting the emails and the replies they ensured that he knew nothing about the money being spent – in this case over $1m in a single week – until he returned from his travels. Since the transactions were all sanctioned by his assistant and legitimate, albeit to a fraudster’s account, he had no grounds on which to expect his bank to cover them.

In another case, an investigation into the compromise of a large US company led us back to the origins of the attack, which was the senior family member. He in turn had been inadvertently ‘infected’ by his son, who had been persuaded to access a website through his Facebook account. When he visited it he unknowingly downloaded some malware which allowed the attackers to control his laptop and from there make the jump to his father, and through his father to the company network.

Once successfully inside a network, criminals may take some time - often weeks or months - to look around and assess what data is valuable. For families this is a particular problem. In looking through the material available to them, criminal data miners may find non-financial personal material which can be deeply embarrassing and compromising. This has been very publicly illustrated in major thefts from law firms, and last year I saw a case where a public figure was blackmailed with data stolen in an entirely unrelated attack on a European public relations company: the criminals involved had got lucky and stumbled across personal information on a well-known name.

Faced with the scale and complexity of these attacks, there is a tendency to despair. But the reality is that privacy, money and data can be protected. For most family offices, the cost-effective solution will be to buy a managed security service which will take care of monitoring and fixing problems, much as they would in hiring physical security or guarding services.

Underpinning all of this will be a change in awareness and attitude. The unseen threat of data compromise and theft is pervasive. It will continue to be with us as our lives, family and business, become ever more dependent on data and the technology which carries it. The answer is to spend proportionate effort protecting the things we care most about, and making sensible contingency plans for when attacks succeed. The objective is not to be perfect but to harden defences, reduce risk, and contain damage.

Robert Hannigan is European Executive Chairman of BlueVoyant, a global cyber security services company, and a former Director of GCHQ, the UK’s largest intelligence and cyber security agency.
Foglet 4th Edition www.gpfo.co.uk 13