The geeks donned Nigerian princely robes
The information technology administrators knew company data was being stolen, so they tried a little trick and discovered how. From InfoWorld magazine:
Sometimes you have to don Nigerian princely robes to know just how likely your network is to get hosed, learned one IT admin at a midsize financial company in the Midwest.
Read more IT tales, some involving deception: Stupid user tricks 6: IT idiocy loves company. IT fight club, dirty dev data, meatball sandwiches -- nine more tales of brain fail beyond belief. (InfoWorld)
"We've spent well into six figures on perimeter security, antivirus, and antimalware software to keep customer data and get through audits. But even so, in the last year and a half we've had no fewer than six breaches with data being stolen or compromised," says the admin.
"Then over drinks one day, a buddy who is a security consultant casually mentioned that human compromises were just as common as technology vulnerabilities."
Keen to quantify this collective brain fail, the admin's team set up a test.
"We took the roster of employees of our two largest offices and checked their corporate email addresses to see which were accessible off the Web. Out of 178 employees, 138 corporate email addresses were easily discovered -- like two or three clicks off Google. That alone surprised me."
The team then set up a phishing email and sent it to all 138 employees. (A phishing email contains a legitimate-looking link that actually links to something bad - like a virus.)
"Now I know why those Nigerian princes keep bothering people," the admin says. "Our current malware technology caught only 58 percent of our home-brew phishing mails. On top of that, because we didn't use the usual Nigerian-prince or $1-million-estate-up-for-grabs schemes, we managed to get 64 out of 138 to click on our 'malware' link."
Needless to say, the results raised eyebrows in the corner office.
The photo is Sani Abacha, a former president of Nigeria.