It was really difficult to believe him, I must admit. I suspect there was a bit of bravado in his statement that ‘they obtained the required information in 43 seconds’.


The guy I was talking to was the director of an ethical hacking business. The ‘ethical’ bit means that they only do it legally, and with the authorisation of the client who has asked them to test their data security systems.

In this case the firm was approached by the IT Director of a Premier League football club. The club had just installed a powerful new security and protection system. Top-of-the-range stuff, the very latest in encryption and antivirus protocols. Apparently this was the best, and as a consequence the most expensive (!), system they could install.

The ethical hackers’ task (for a decent fee, I must add) was to test the system and obtain sensitive data, to demonstrate that they had actually penetrated the new data security fence. They were given three days to complete the task.

At the end of Day 1, the hackers presented data to their client showing the names of all the club’s players, and their salary and bonus structures. Clearly the IT man was stunned! All that money, and the system didn’t even work!

Well, it seems the system did actually work. The hackers felt the club itself was very well protected. How on earth, then, did they get the information on players’ salaries?

The answer involved a bit of lateral thinking. The Premier League club had the latest and strongest defence system, but their lawyers did not. The hackers obtained their information from the lawyers’ servers, a much easier target apparently.

I guess the moral of the story here is that when it comes to assessing risk, you need to think laterally and ensure that all parts of the supply chain and supporting organisations (lawyers, accountants, agents, IT suppliers) actually protect your data as well as you do. This particularly applies to suppliers and customers who operate in less controlled data environments overseas.

So, take care. As the saying goes, ‘there is more than one way to skin a cat’, and it can be done in 43 seconds!