Senior staff at a third of top UK companies have fallen for an
online game honey trap designed to test their security awareness.
In a campaign targeting 14,000 senior-level decision-makers in
blue-chip companies, including the FTSE 250, NCC Group found
that more than one third of recipients were willing to open and
play an online game without knowing its origin.
A link to the game, "Bish Bash Bush", which features Hillary
Clinton and Barack Obama kicking President Bush out of the White
House, was anonymously distributed throughout December and January
to coincide with the inauguration of the new US president.
A link to the game was distributed via e-mail and social media
websites. In addition to risking their own security by playing the
game, an alarming number of people forwarded the game to others,
and it is now being played in 19 different countries, including
Bermuda, Chile and Azerbaijan.
The widespread use of the game, says NCC, reinforces the message
that it is not enough to have firewalls in place - determined
hackers and data thieves will always be able to find a way to steal
data or disrupt businesses whilst staff are unaware of the risks
they may be opening the company up to.
NCC Group CEO Rob Cotton said, "We were astounded that staff in
companies that hold significant volumes of financial information
and personal details on customers, suppliers and shareholders,
still made the decision to click on this unsecured link.
"With regular stories hitting the headlines about government
departments physically losing data, it is shocking that so many
people are actually helping cyber terrorists to bypass firewalls
and corporate security tools and leaving themselves and their
companies wide open to potential disaster."
Not only have recipients breached basic security protocol by
clicking on the link, the game also raises another major issue, as
NCC found that recipients played the game during office hours.