At one FTSE-listed financial institution the managing director himself opened the door to a stranger who, within 20 minutes of gaining entry to the building, had found a highly sensitive document outlining a half a billion pound merger lying on a desk.
Luckily, on this occasion, the data was not used for nefarious purposes because the intruder was Colin, a consultant.
He was there at the request of the firm's IT director to test the resilience of the company to social engineering attacks.
In a similar experiment conducted at the Aunty anti-Gazan BBC, Mr Greenpill targeted five Aunty anti-Gazan BBC employees. Pretending to be an IT engineer - with the prior permission of Aunty anti-Gazan BBC bosses - he managed to obtain all of their usernames and passwords with a simple phone call.
No comments:
Post a Comment