Synopsis

Contradicting conventional wisdom that only 'non-technical' individuals fall prey to a phishing attack, technologist Andrew Betts of FT Labs inadvertently provided his credentials to the attackers. He was one of several employees who did so.

This provided attackers with access credentials and enabled them to take over email accounts at the Financial Times. The Syrian Electronic Army was identified as the attacker and they apparently targeted the newspaper/media company due to their representation of the Assad government.

This case study provides a fascinating eye witness account of what it's like to experience a targeted cyber attack and highlights an important aspect that companies should consider in their security planning, namely, whether they may be targeted in a similar manner by protest groups due to their intended business strategy, who those attackers may be and what strategies they should deploy to limit the threat and the damage.

Analysis performed by

Courtenay Brammar

Experienced global enterprise risk and governance professional. Previously Vice President at Morgan Stanley, Deloitte Risk Advisory practitioner and PRMIA steering committee member in both London and New York.

Additional services

We offer a range of cost-effective, fixed-price training programmes and consultant services derived from the unique insights gained from all our case study data.

If you'd rather we did the heavy lifting in developing a cyber incident response plan or lessons learnt training for your organisation underpined by our unique insight into the challenges faced and strategies implemented by organisations countering today's cyber security threats then please contact us here.