A large retailer recently sent a test email to all its employees. The email appeared to come from the managing director, but there were notable mistakes in her name, email address and signature. The text itself was also clumsily written and full of mistakes. The email said that the recipient simply had to click the red button to receive extra holiday. Who would fall for it?

The weakest link

All the elements were there to make it as unbelievable as possible, including a very suspicious URL under the link button, but what did you expect? Hundreds of people couldn't resist clicking it; apparently you never know... extra days off are so appealing.
Of course, thousands of other staff members didn't click the so-called buttonski in the email, but unfortunately that's not what's important. Security is only as strong as the weakest link.

Quickly penetrate the IT room

Another retailer tried to get into its local branch's IT room in a physical penetration test. A quick phone call first, to say an engineer would be visiting the next day, was apparently all that was needed to be welcomed everywhere with open arms. Quickly waving a poor copy of a personnel badge upon arrival was sufficient for the intruder to be alone in the IT room just three minutes later.

Hackers are increasingly cunning

This naïve mentality of the average employee requires draconian security measures, because otherwise the door is left wide open for anyone with bad intentions. There's hardly any other way. It came to light in various round table discussions at our Co-Thinking about the Future event that a company's own employees are all too often the most questionable link in the security chain. Even after targeted training, awareness only seems to change temporarily. And hackers are increasingly adept at exposing our psychological pitfalls.

Consider the impact

Anyone might have seen a Hollywood film with Russian hackers, and apparently this makes us think they don't really exist. Now the threat isn't necessarily from Hollywood, of course, and the world won't collapse if a Belgian chain store is hacked, but does this make people careless? The hackers themselves certainly aren't worried about the impact. Squeezing 500 euros out of somewhere can result in productivity losses running to millions, but these costs are someone else's worry. Similarly, if customer data is found lying out on the street, it's not the hacker who'll receive a GDPR fine. So think carefully about the impact of a security leak, take imprudent end users into account, and make sure your security is cast-iron strong.

RealDolmen NV published this content on 23 November 2017 and is solely responsible for the information contained herein.
Distributed by Public, unedited and unaltered, on 23 November 2017 09:11:09 UTC.

Original document: http://www.realdolmen.com/en/blog/do-u-want-to-press-buttonski

Public permalink: http://www.publicnow.com/view/20E0A6D9AC93D3168CE6D1979A92B356E91491BE