On Wednesday the 9th of September Dermot Williams Managing Director of Threatscape spoke to George Hook on NewsTalk about social engineering, operations security and online security. George Hook pointed out that there are three types of people who need to take caution online;
1. The average everyday person who has a smartphone, table, laptop etc.
2. Elderly people who have been sucked into the technical world because they want to communicate with their children living abroad.
3. Major companies. Dermot states that a company can have a million dollars worth of security but security is absolutely pointless if somebody makes a silly mistake. You have to get the people right before you get the technology right. An example of this happened six weeks ago with a company called Ubiquiti Networks.
They very publicly lost their Chief Financial Officer and had a few people temporarily covering the finance role. There was a little bit of chaos and confusion and somebody outside the company managed to figure out that this might be the right time to pull a stunt. They sent an email to somebody inside the company instructing them to transfer millions of dollars to an outside account and made it look like it was coming from the temporary head of finance. 46 million dollars of the company’s money got transferred out of their Hong Kong bank account to another location and only 8 million has ever been traced.
So without ever getting into the building or computers the hacker managed to steal almost 40 million dollars by what we call doing a little bit of social engineering. The hacker tricked an employee into doing something that looked like something that they were supposed to do. To listen to the full interview click here.