Hacks

I'm sure that most of you out there have heard of the recent attack on M&S, The Co Op, Harrods and other retailers who sell online. As someone who works in IT, these incidents are both a learning curve, and a source of reinforcement of the values and procedures we put in place. The M&S one happened because of a lapse in procedure by a third party.

It happened like this.

A hacker, pretending to be a senior manager, phoned asking for a password change. Red flags should have been waving wildly at this point alone, yet the third-party IT company that M&S had outsourced to went along with all the usual pleas of urgency etc. etc. This is a very basic error, yet it has cost M&S a reported £300,000,000. Bad, very bad.

Now let's compare this to a recent hacking attempt on 'a UK based financial institution'. No names mentioned or necessary. Said institution has a policy that password resets can only happen when the person concerned is present, in person, in office. Despite this, a person purporting to be highly placed in their internet security unit phoned, claiming to be hundreds of miles away but urgently needing a password reset. The person they were talking to on the phone knew them, and while they recognised the voice (it is thought that the voice had been cloned using AI), they did not recognise the speech patterns or phrases used. They did the sensible thing and contacted the real company manager on a known number, and as a result, were not hacked.

Chalk and cheese.  Yet such policies and checks are both very basic, and very necessary.  I personally have refused such resets to very highly placed officers in our own organisation, while listening to a tirade of the old, "do you not know who I am?" comments (along with much worse).  

It pays to be careful.
