TRENDING:

Financial Services Workers Fooled by CD Scam

May 26, 2006    
Financial Services Workers Fooled by CD Scam
NSI

An experiment carried out within London's financial district has demonstrated what security experts have been saying for years: employees - even those working with ultra-sensitive financial data - are unaware of or don't care about basic security practices.

In the experiment, CDs were handed out to commuters as they entered the city. Recipients were told the disks contained a special Valentine's Day promotion. In reality, though, the CDs contained nothing more than code that informed the company performing the experiment how many of the recipients had tried to open the CD. Among those who were duped were employees of a major retail bank and two global insurers.

Clear warning
Making these results even more ridiculous, the CD packaging even contained a clear warning about installing third-party software and acting in breach of company acceptable-use policies. The warning failed to deter many individuals, who showed little regard for the security of their PC and their company.

The designer and leader of the experiment said, "Fortunately, these CDs contained nothing harmful — no personal or corporate data was transmitted due to the actions of these individuals. But the fact remains that this could have been someone wanting to cause havoc in the city."

The employees, by carrying the CD into their offices and putting it straight in their PCs, bypassed much of their company's security. Experts said workers must understand that they are the first and easiest route into their company's network.

Last year, the London office of the Japanese bank Sumitomo Mitsui fell victim to a spyware infection that nearly netted the perpetrators millions. That case highlighted the threat posed by applications entering the enterprise through unofficial channels — and yet it appears few companies have taken note.

© National Security Institute, Inc. – Content excerpted from NSI’s SECURITYsense—a monthly information security awareness service for educating your end users. This copyrighted article is the property of the National Security Institute and may not be reproduced or redistributed in any form without license agreement. For more information on the SECURITYsense program and to view FREE samples, visit http://nsi.org/SECURITYsense2.html.

Previous
Risks of Portabale Memory Devices as a Security Threat Growing
Next
So You Think You Are Secure?



Around the Network

Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Why Health Firms Struggle with Cybersecurity Frameworks
Why Health Firms Struggle with Cybersecurity Frameworks
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.eu, you agree to our use of cookies.