Hooked by a Security Test

A vendor stunt proved CFOs can't resist the idea of a great party, even if it means putting their computer system at risk.
Jason Karaian, March 22, 2007

It’s never easy for IT managers to convince finance colleagues to sign off on new spending plans. With this in mind, security services vendor NCC sought to do its clients “a favor” with a vivid demonstration of the importance of its wares.

In January, NCC sent 500 finance chiefs of London-listed companies a cryptic invitation to “the party of a lifetime.” The only information offered, apart from the date of the purported party, was an “RSVP” etched onto a memory stick.

Deviously, NCC also slipped a bit of code onto the sticks that triggered security software, forcing users to choose whether to allow the program to run. A whopping 47 percent of recipients clicked “yes.” The program was benign and only notified a server back at NCC of which CFOs were duped. “But they did everything necessary to cause a fairly serious infection of their networks,” says Paul Vlissidis, NCC’s chief hacker. “In my experience, security awareness is inversely proportional to seniority,” Vlissidis adds, which perhaps explains why so many finance execs fell for the phony invitation.

With hackers increasingly customizing one-off attacks on specific companies, traditional anti-virus software no longer provides enough security. Check out Scandinavian bank Nordea, which recently was hit for SKr8 million ($1.15 million) by cyber-criminals, causing a much larger dent to the bank’s reputation in the process.

Sportingly, NCC kept its stunt secret from its own directors, including them on the sham party’s invitation list. Chairman Paul Mitchell fell for it, Vlissidis admits, though finance director Paul Edwards showed more sense. “He threw it in the bin, which is exactly the right thing to do.”
