Feeds

Spear phish your boss to win more security cash

Websense CSO recommends fake attacks on suits to open their wallets

Security for virtualized datacentres

Despite weekly news of successful and nasty online attacks damaging organisations of every stripe, executive types remain blasé about security and don't pay it enough attention, says Jason Clark, chief security officer at Websense, who recommends fighting back by phishing CEOs and board members.

Clark's suggested attacks are controlled fakes, run by dedicated white hat outfits, and are designed to ensure suits get a brief jolt of fear rather than having to ask their personal assistants to arrange delivery of new platinum cards. Clark feels the experience of being phished is sobering because its delivery by email demonstrates how anyone in an organisation can be attacked.

Once suits understand that, Clark's hope is it becomes easier for security professionals to have meaningful conversations with business decision makers and those who hold the purse-strings.

Such discussions need to get deeper and more frequent, he feels, because today too few executives pay more than lip service to security. When they do, they ask for assurance that the organisations they lead are complying with legislation and can demonstrate they have appropriate security controls.

Once suits are properly scared, they'll be more interested in learning more about security, will ask more and more probing questions of their IT departments and eventually lead their organisations to a security regime that gives them the protection they need.

Clark's advice is otherwise mundane: he suggests organisations ensure they have advance malware repulsion tools, spear phishing blockers and data protection tools to ensure valuable documents can't leave the building. Few organisations he visits - Clark claims to meet 400 CSOs or CEOs a year – have all three in place. Around ten per cent of organisations he visits have used phake phishing.

Fewer still perform comprehensive threat modelling, a practice he recommends as the best route to understanding appropriate security investments. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
NASTY SSL 3.0 vuln to be revealed soon – sources (Update: It's POODLE)
So nasty no one's even whispering until patch is out
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
Microsoft pulls another dodgy patch
Redmond makes a hash of hashing add-on
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
Forget passwords, let's use SELFIES, says Obama's cyber tsar
Michael Daniel wants to kill passwords dead
FBI boss: We don't want a backdoor, we want the front door to phones
Claims it's what the Founding Fathers would have wanted – catching killers and pedos
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.