
Security starts on the inside

When we talk about cyber security we tend to concentrate on hacking over similarly effective inside jobs, says Jason Walsh

10 November 2023

Unpopular as it is today, I quite like using the phone. Unlike video calling apps, it rarely fails, and a quick call can often eliminate confusion in a way that an endless string of e-mails only adds to.

Like others, though, I must admit that I am becoming reluctant to answer the phone, and as calls require both a caller and an answerer, this is obviously a problem.

The thing is, my phone rings every single day, at least once, and the call usually, though not always, comes from a non-geographic number. The few times I have answered, it has always been a scratchy connection to a sales agent somewhere trying to open my wallet. Sometimes the agent will have my name, having bought my contact details from some other business with which I have transacted, and sometimes it will just be an obvious scam. In either case, the call is unwelcome.


I mention this because it demonstrates how a useful and perfectly serviceable thing, even something as simple as the telephone, can be ruined by misuse. 

This is something businesses need to think about as they push us all toward online self-service, because if the phone is like catnip for scammers and hungry salesmen, then the Internet is some kind of five-dimensional scam vortex.

News broke this week that an estimated 8,000 Electric Ireland customer accounts “may have been compromised”, leaving them at risk of credit card fraud. What makes the Electric Ireland breach particularly interesting is that, unlike the 2021 ransomware attack on the HSE, it appears to be an inside job. A statement reads: “Electric Ireland is aware that an employee of a company working on our behalf may have inappropriately accessed a small proportion of our 1.1m residential customer accounts leading to the potential misuse of personal and financial information.”

This language strongly implies a subcontractor is to blame, which may give some businesses a little pause for thought when it comes to outsourcing – but probably won’t. In any case, we will find out soon enough as the company is liaising with both Gardaí and the Data Protection Commissioner.

However, the fact that the breach, from what we know at least, sounds more like a heist or opportunist operation than a cracking attack offers a salutary lesson. The growing focus on information security is very welcome, but neither firewalls nor security operations centres using artificial intelligence threat hunting can do much about a bad actor who gets access to the network not by injecting malware but by simply turning up to work.


TechCentral.ie