The art of deception

Posted in Information Security on 06 May 2009 by

An interesting article on the BBC website today shows how critical a good security culture is to an organisation. An external consultant, through social engineering techniques and bags of confidence, managed to gain unauthorised physical access to a company's premises and, from there, very quickly gained access to sensitive documents. He then repeated the feat at the BBC's request, and this time gained access to user accounts and passwords just by pretending to be an IT support engineer.

The episode is enlightening. Everyone assumes the Internet is full of bad people, and so they protect their networks accordingly. However, staff are usually the weakest link in a security chain. In his book 'The Art of Deception', Kevin Mitnick gives lots of examples of the different methods he used to trick his way into company networks. In each case, he used various means of persuasion to get people to give up the information he needed to get into the networks. People often assume that hackers are technically gifted recluses. This is a dangerous and unrealistic misconception. Unfortunately, they tend to plan their security defences around that misconception, giving the skilful attacker plenty of holes to exploit.

http://news.bbc.co.uk/1/hi/technology/7843206.stm
