Did you know that by scanning our code you could have been hacked

The biggest cyber risk facing business is people. A company can have the most comprehensive cyber security system in place but its effectiveness can be compromised either deliberately or unwittingly by the people who work there.

For the cover of this issue of StrategicRISK we were seeking to alert readers to the basic but nonetheless lethal cyber vulnerability that is human behaviour.

We are all familiar with Quick Response (QR) Codes and their usage. Yet few people take these configurations of square information patterns at anything other than face value, particularly when they appear to be endorsed by a brand.

But why should this be the case? Just exactly what are we building our trust on? The answer, worryingly, is nothing more that our lack of understanding about what these codes are and what they can do.

The potential problems associated with spam email or messages with more devious intent are well known. Most people understand how to filter out the obvious rogues even if they cannot avoid them altogether.

It might be that QR codes are more difficult to “decipher” with the human eye and this leads to people making incorrect assumptions about their veracity.

Of course most QR codes are indeed legitimate but there is nothing to stop hackers from creating malicious versions which can take those who scan them to websites which can in turn infect the devices onto which they are scanned. This can then lead to a wider exploitation of system vulnerability, particularly through the increasing use of bring-your-own device policies by companies.

If you were one of those who scanned our cover, perhaps it is time to consider the response of staff members who are far less risk aware and then reassess your real cyber risk exposures.

StrategicRISK Cyber Conference

The Inaugural StrategicRISK European Cyber Risk Management Conference is being held in London on Wednesday 26 June 2013. This will feature threat assessments from internationally renowned experts in addition to a wide range of practical workshops.

Our speakers include Professor Angela Sasse, Director of the Academic Centre of Excellence for Cyber Security Research and Director of the Science of Cyber Security Research Institute, University College London and Stuart Poole-Robb, Chief Executive of Knightsbridge Company Services Group, which specialises in IT security issues and cybercrime.

The one-day event is aimed at chief risk officers, chief technology officers, chief information officers in addition to others in the risk and insurance sector. It will also include a series of workgroups designed to help risk managers and their IT counterparts to work through solutions to their key issues. The event is free to attend. If you would like to come please contact mike.jones@strategic-risk.eu

Topics