Gary Hibberd

20200226

Once upon a time, there were three little pigs, and the time came for them to leave home and seek their fortunes. Before they left, their mother told them “Whatever you do, do it the best that you can because that’s the way to get along in the world.”

So off they trot into the big wide world.

 

Little Pig

The first little pig built his business selling straws to fast-food outlets. He wanted to ‘Get Rich Quick’ and really didn’t care about his customers. Profit was on his mind, and so he hired a troll (who previously had been hiding under a bridge scaring billy goats) to build him a ‘cheap-and-cheerful’ web site. Within a matter of days, he was up and running and looking for customers.

 

The Second Little Pig

The second little pig knew that there was money to be made from the bookworms in the world, and wanted to build an online book store. But knowing how important security is, he asked his IT provider to confirm they had IT certificates, which they duly confirmed. The first little pig laughed and told him he should have used his troll! But he didn’t listen, and within a few weeks, he was up and running, and looking for customers.

 

Big Boss the Third

Now, the third little pig was a cautious chap. He was an architect and wanted to sell bricks-and-mortar, so he knew that he’d be dealing with some small clients, but also bigger ones too. So he contacted Hans NGretal, an Information Security consultant, to seek his advice. Hans told him that he was a very wise pig, and that he should be thinking about the physical, technical and logical control of his data so that he could properly secure his clients’ data. Hans explained how easy it was to draw a series of concentric circles on a page, with his company in the middle, and consider the risks at each level.

Hans helped develop security policies, strategies to implement them and a way to test how well they were doing. Within a few months, everything was ready and he was up and running, and looking for customers.

All was well for a couple of years. Everyone was happy, and the three little pigs were content. But this is not the end of the story…

 

The Big Bad Wolf

One night a Cybercriminal calling themselves ‘BGBadWolf’ decided he needed more money. He loved eating up data and sent out his scanners, looking for vulnerable systems. He came along and saw the first little pig, selling straws. He sent in an email titled “Let Me In x 2”. The little pig opened the email and saw that the sender wanted to invest £10,000,000,000,000 in his company!

“Fantastic!” he yelped. “An investor! What do I need to do?” Quickly scanning the page, he saw the attachment he needed to open and review. “Amazing!” he squealed! But when he clicked the attachment, it simply opened… and everything froze.

He huffed, and he puffed, but it still didn’t work! He just sat scratching his little chinny chin chin. And that’s when the screen changed; “Your files are being eaten by my virus ‘BGBadWorld’. Unless you pay me 5 Bitcoins, you’ll be in my pot and I’ll eat the lot!”

Poor little pig. Before long, his files were gone, and his customers quickly followed.

But the BGBadWolf wasn’t done yet. His virus found the second little pig, but his Data Centre wasn’t so easy to attack.

 

Hack the Human!

“What to do? What to do?! I’ll need to trick someone.

But who?”

So the BGBadWolf called the reception desk.

“Hi, it’s Le Tmein. Can I speak to BossPig please?” (knowing he wasn’t there, as he had already told everyone on Facebook that he was going away). The receptionist explained that he wasn’t available.

“Ah… I see. It’s just that he told me he was calling in on his way to his trip, to pick up a document. If I send it to you, would you mind printing it for him? He said he’d be in at around 10 am before he leaves.”

Not wishing to be rude, and not wanting to be in trouble with her boss, the receptionist politely agreed… and gave him her email address.

“Thank you. You’ve been amazing and I’ll be sure to let the boss know how much you’ve helped.”

In came the letter, and she sent it to the printer. “Strange title for a report”, she thought; “Puff & Puff. Le Tmein”. The file printed, and she waited for her boss to call in.

 

A Layer Cake of Security

Now we come to the third little pig. His business was going well, and BGBadWolf was keen to get in. He scanned his website… but no vulnerabilities. He called the receptionist, but she explained she wasn’t permitted to print files, for data protection reasons. So how was he going to get in? 

So the BGBadWolf paid a visit to the office of the Boss Pig the Third. He walked around the back of the office where staff were walking in, using their ID passes.

“How to get in? How to get in?

I’ll get one of the staff to swipe me in!”

So he stepped up to the door, walking closely behind the person in front. “Excuse me. Can I help you?” said the little helper.

“Err… I forgot my pass on my desk. Can you let me in?”

“No. I’m sorry. I’m not allowed. If you go to the reception, they’ll help.”

Foiled, because the little helper knew it was wrong to allow tailgating or allow people into the office who didn’t have a pass.

Boss Pig the Third was a clever little pig… and the BGBadWolf went away without his prize.

 

A happy ending… (sort of).

The next day the three little pigs invited their mother over. She said, “You see, it is just as I told you. The way to get along in the world is to do things as well as you can, and… don’t cut corners on Data Protection and Information Security!”

Fortunately, the little pigs had learned that lesson.

But is that the end of the story? What about the second little pig? Well… he doesn’t realise that he has been affected yet. He may never discover it. He may not be the target. But somehow, someway, someone is going to be affected. Either him or his customers.

But for now, he just lived happily… for the time being!
