Already a customer?
Log a ticket
Menu
whaling

Powerful People And Cyber-Ignorance Are A Dangerous Mix

Share on facebook
Share on twitter
Share on linkedin
Share on google
Share on email

Those at the top need to be more aware of cyber security threats.


When Rudy Giuliani, once mayor of New York City and now head legal buffoon for US President Donald Trump, accidentally inserted a web link in one of his tweets recently, only the most hardened of Trump supporters resisted laughing at his lack of digital acumen. The web domain ‘G-20.In’ was quickly snapped up by someone less keen on the president, and was soon used to host an unflattering message about him.

As if that wasn’t embarrassing enough, Twitter users were quick to point out that Giuliani is also Trump’s cyber security advisor – an irony that is as depressing as it is hilarious.

Yet this kind of thing is strangely common. Despite how important cyber security is, all too often those with the most power and influence are some of the least informed about matters of technology.

Tooty fruity oh Rudy Giuliani
Rudy Giuliani. Doesn’t know how links work. (Image: Wikimedia Commons)

Giuliani is a good example of this, because not only is he a senior member of a nation’s government, his role as a cyber security advisor suggests he knows a thing or two about technology. Evidently, that is not the case, and his protestations about being targeted by Trump haters confirmed that, as did his claim that ‘.Either’ hadn’t been turned into a link in one of his previous tweets (because .in is the top-level domain for India and .either isn’t one at all).

In his defence, no one really expected any better from him. On his appointment as the administration’s security expert, most sane people expressed disbelief that such a man would be put in charge of protecting the United States from cyber threats. Equally as predictable were reports several months later that he’d contributed essentially nothing to American cyber security measures.

Yet still he remains in that position, at a time when government bodies in his country are suffering hugely damaging cyber attacks.

No Cybersec Please, We’re British MPs

In light of everything else coming from the farcical Trump administration, it’s tempting to think Giuliani’s lack of technical nous is nothing more than another example of crazy American politics, but the fact is UK politicians are almost as bad.

Cast your mind back to December 2017 when Conservative MP Nadine Dorries, rising to the defence of Damian ‘I was not looking at porn’ Green, revealed she routinely shared her passwords with people in her office. Unsurprisingly, cyber security experts were less than impressed with her comments.

Remember also when Home Secretary Amber Rudd attacked encryption in WhatsApp, despite admitting that she didn’t know how it works.

And let’s not forget that no minister has headed the Department for Digital, Culture, Media and Sport for more than 18 months. According to Wired:

 “Since Maria Miller, who held Wright’s post from September 2012 to April 2014, no minister has stuck out the role for more than 18 months, with Sajid Javid, John Whittingdale, Karen Bradley and Matt Hancock all waltzing through the revolving DCMS door since.”

Not so much strong and stable as weak and wobbly – hardly what you’d want from your cyber security department.

Back in America, meanwhile, we have politicians failing to grasp that Facebook makes money from advertising. And in Japan, Yoshitaka Sakurada, the nation’s deputy chief of cyber security, once admitted to having never used a computer.

Yoshitaka Sakurada, deputy chief of cyber security strategy for Japan
Yoshitaka Sakurada, deputy chief of cyber security strategy for Japan, a country known for its technology industry. Has never used a computer before. (Image: Wikimedia Commons)

Beyond Politics

Worryingly, this phenomenon is unlikely to be restricted to the world of politics. Many businesses may also have senior staff who don’t know the basics of technology and cyber security. These are top-level executives – CEOs, CFOs and so on – with real power, and that power can easily be used by criminals to do significant financial damage to an organisation.

People in such roles are a prime target for phishing scams, because they often have access to key financial systems and can potentially make huge cash transfers. Only this month, cyber security firm Agari reported that Nigerian hacking group London Blue had compiled a list of 35,000 chief financial officers – many of whom worked at major financial institutions.

Due to the seniority of these individuals, scams that target them are referred to as ‘whaling’ attacks. In one such case, the unfortunate CEO of an aircraft part company was sacked, following a whaling incident that left the company €40 million out of pocket.

But while whaling attacks are rising at an incredible rate (200% in 2017), don’t think for a second that junior staff members aren’t a target as well. There’s no shortage of cyber criminals or ways for them rip people off. Whether your cyber security weak link is your CEO or your secretary, anyone could provide an entry point for hackers.

So while it might be fun to chuckle at the technological ineptitude of the Giulianis and the Dorries of this world, it’s far more important to educate them about cyber security and to change their dangerous behaviour. In the end, we all benefit.


Interested in cyber security? Check out our other blog posts on this subject.

Leave a Comment

Your email address will not be published. Required fields are marked *

Categories
Archives

TMB Privacy Policy

Why do we hold personal data?

Like any business, TMB Group has to keep personal data about staff, clients and potential customers. When you fill in the contact form on our website, for example, we need to keep a record so we can get back to you. Data is also held so we can deliver our services and so we can provide useful information, such as security update news.

What data do we keep?
Depending on our relationship with you, we’ll hold information such as your first and last names, your email address, your phone number and your postal address. We will also possibly have details about your business and those who work for you. If you’re a customer, then we may have some of your banking detail so we’re able to accept payments for the services we provide.

How is your data stored?

As a responsible IT company, TMB stores personal data on secured computer systems. Anything that is archived will be placed on encrypted drives.

We do use third-party customer management software, Autotask, which means data may be stored on their servers, but only the data we need to deliver our services. The same goes for the Microsoft services we use, such as Word, Excel and PowerPoint, which store information on Microsoft’s cloud servers. We also use Mailchimp for marketing purposes: to send emails and to manage subscriber lists.

These third parties are not permitted to share your data or to use it for marketing purposes. You can find Autotask’s privacy policy here: https://www.autotask.com/privacy-policy. Microsoft’s privacy policy for Office 365 is here: https://www.microsoft.com/online/legal/v2/?docid=43. Mailchimp’s policy is here: https://mailchimp.com/legal/privacy.

How long do we keep your data?

We will keep your data in our systems until it is no longer relevant to our business, but you can request that we remove or update it at any time. We will also inform any relevant third parties of your request.

Access to your information

The key thing to remember is that your data belongs to you. That means you can request copies of your personal data any time you like, or to access and update it. You also have the right to be forgotten, so if you ask that we delete your data, we will do so or provide a valid reason why we are unable to. We will, of course, require proof of your identity before addressing any such request.

Depending on your request, your information may be provided to you electronically. In such cases, it will be provided in a commonly used format.

Unsubscribing and deletion

Unsubscribing is not the same as a request for us to delete personal data. If, for example, you unsubscribe from a mailing list, it is necessary to keep your email address on record to prevent marketing email from being sent to you. If we were to delete that information, we would have no way to tell if you have unsubscribed. Nevertheless, you still have the right to request erasure of your personal data.

Your right to complain

If, for any reason, you are unhappy with the way your personal data is treated by us, you have the right to complain to a supervisory authority. In the UK, that would be the Information Commissioner’s Office (ICO).

Website analytics

Anyone who visits our website will automatically have data about them collected via Google Analytics. This gives us broad information about what people are doing on our website and which pages they are looking at. It does not provide us with personal information that could be used to identify individuals.

Cookies

Cookies are small text files that web browsers receive from websites. They are stored on your computer, and they enable sites to do things like remember if you’ve visited before, if you’re a customer, what your preferences are and so on. You are entitled to view our website without them, but you may lose this kind of functionality if you do so.

International data transfers

Information that we collect may be stored and processed in and transferred between any of the countries in which we operate in order to enable us to use the information in accordance with this privacy policy.

Data controllers and processors

TMB is the controller for marketing activity and personal data/special category data we hold on our own employees, but we are the processor when processing our customers’ personal data (e.g. buying a licence for a named individual).  We  may use sub-processors for processing data given to us by customers.

What we won’t ever do is sell your data. And if you sign up to our mailing list, you’ll only receive marketing material from TMB as a result – no one else.

For any questions regarding your data, contact TMB’s technical director, Richard Shuker, at info@tmb.co.uk or write to us at A1 Endeavour Business Park, Penner Road, Havant, Hampshire, PO9 1QN..