Latest Blog Posts

Focus on 2012: 5 key areas in Enterprise IT

(19 December 2011)

From in-house to consultancy: moving to the ‘dark side’

(01 December 2011)

Brace for the feared double dip: IT planning can maximise mergers and acquisitions

(27 October 2011)

The tricky business of justifying IT expenditure

(19 October 2011)

IT consultants should drop the ITIL clichés to win clients over

(19 October 2011)

Steps to a successful Service Transition – new white paper by Plan-Net

(26 September 2011)

‘Cloud Consultancy’ – Experience On Demand

(26 September 2011)

ITIL 2011: Continual Service Improvement or just the result of V3 being rushed?

(03 August 2011)

The GLOCAL IT Service Desk

(26 June 2011)

Oh no… Not another Service Management initiative!

(20 June 2011)

5 reasons to employ an IT consultant

(22 May 2011)

Financial firms’ IP is safe with VDI

(11 May 2011)

IT Support: grow-your-own or buy organic?

(11 May 2011)

Where is that ‘cultural change’ which makes ITSM Best Practice effective?

(19 April 2011)

Executive exceptions: Best Practice killers or just business as usual?

(10 April 2011)

Desktop Virtualisation: Still not a perfect View

(23 March 2011)

What is the impact of the Cloud on the existing IT environment?

(10 March 2011)

Private vs. public sector IT security: more dedicated staff, yet less awareness

(03 March 2011)

Surviving IT spending cuts in the public sector

(15 February 2011)

10 things we learnt in 2010 that can help make 2011 better

(23 December 2010)

IT workforce continuity

(17 December 2010)

Minimising IT downtime for finance professionals

(30 November 2010)

ITIL V3 – should you bother?

(24 November 2010)

Taking the third option

(25 October 2010)

The peculiarities of Metro Bank’s IT outsourcing model

(19 October 2010)

Saving ITIL – how to protect the reputation of Best Practice frameworks

(11 October 2010)

5 tips for moving Disaster Recovery to the Cloud

(04 October 2010)

Does the future of business mobile computing lie in hybrid tablet devices?

(27 September 2010)

How many police officers does it take to email 10,000 criminal records to a journalist by accident?

(15 September 2010)

The perils of commoditising IT Support

(01 September 2010)

Life after ITIL – creating a culture of Continual Service Improvement

(02 August 2010)

10 reasons to migrate to Exchange 2010

(27 July 2010)

Are you Off-Sure about your IT Service Desk?

(14 July 2010)

Mind the skill gap

(11 July 2010)

Microsoft should fear not – is Apple even in the same league?

(24 June 2010)

Is your IT Service Desk future proof?

(22 June 2010)

The quest for a portable office - are all mobile devices safe for work?

(21 June 2010)

Will Tablets rule the future?

(16 June 2010)

Getting back to work - but with a service provider.

(15 June 2010)

Cloud computing: how to minimise lock-in risks

(09 June 2010)

Public sector, private data - is outsourcing the Service Desk too risky?

(02 June 2010)

Doing more with less: an opportunity to learn

(06 May 2010)

Sharing the IT Service Desk: sharing cost, sharing quality

(03 May 2010)

So, Microsoft outsources IT support – What’s all the fuss about?

(27 April 2010)

Survey reveals 1/3 of UK organisations put off Windows 7 roll-out, but are they wise to wait?

(13 April 2010)

Is information safe enough at NHS trusts?

(31 March 2010)

Best Practice and Virtualisation: essential tools in Business Resilience and Continuity planning

(25 March 2010)

What to look for when bringing offshore work back home

(22 March 2010)

5 thoughts on the IT Service Desk that need re-thinking

(10 March 2010)

Microsoft System Center Service Manager 2010: a credible challenger in the Service Management software market?

(17 February 2010)

Do you really want to lose (inter)face?

(15 February 2010)

A new lease of IT life

(11 February 2010)

From ITIL v2 to v3 – where to start?

(08 February 2010)

Can you afford not to invest in Best Practice?

(02 February 2010)

Experiential Learning explained through Confucius

(02 February 2010)

Quick win, quick fall if you fail to plan ahead

(11 January 2010)

Cloud computing – Help your IT out of the Tetris effect

(08 January 2010)

One of you may be fired

(17 December 2009)

Hot or not. ..Says who?

(15 December 2009)

2012: avoiding the IT Apocalypse

(03 December 2009)

Punishment alone does not work

(03 August 2009)

HSBC Data Loss

(26 July 2009)

ITIL for ITILs sake

(02 June 2009)

VDI and Windows 7

(06 May 2009)

The art of deception

(05 May 2009)

VDI - the revolution begins...

(04 May 2009)

Wake up and tackle the real VDI issues!

(24 March 2009)

ITIL Version 3

(18 February 2009)

Virtualisation - making the headlines

(18 February 2009)

Batten down the Hatches!

(18 February 2009)

Overcome the Freeze

(10 January 2007)

The art of deception

Posted in Information Security on 05 May 2009 by

An interesting article on the BBC website today which shows how critical a good security culture is to an organisation. An external consultant, through social engineering techniques and bags of confidence managed to gain unauthorised physical access to a company's premises and from there, very quickly, access to sensitive documents.  He then repeated the feat at the BBC's request, and this time gained access to user accounts and passwords just by pretending to be an IT support engineer.

The episode is enlightening. Everyone assumes the Internet is full of bad people, and therefore they protect their networks accordingly. However, staff are usually the weakest link in a security chain. In his book 'The Art of Deception', Kevin Mitnick gives lots of examples of different methods he'd used to trick his way into company networks. In each case, he used various means of persuasion to get people to give up information he needed to get into the networks. People often assume that hackers are technically gifted recluses. This is a dangerous and unrealistic misconception. Unfortunately, they tend to plan their security defences around the misconception, giving the skilful attacker plenty of holes to exploit.

http://news.bbc.co.uk/1/hi/technology/7843206.stm

Post your Comments

Your name: (required)

Your email: (required, never displayed)

Comments