Page 6 of Phishing for Love
“I’m sure you’ve all read about what happened at Fine Paper Musings,” Aaron says, referencing a greetings card competitor that had recently suffered a data breach costing the company nearly a million dollars and causing untold reputational damage.
We all nod somberly in response.
“That’s why Calvin’s brought me in,” Aaron continues. “To prevent that from happening here.”
I find it interesting that Calvin is deferring so much of the talking to this Aaron guy. Either he’s out of his depth on the subject matter or he’s in serious need of Aaron’s help.
Calvin explains that Aaron is a cybersecurity analyst and the objective of his six-month consultancy gig is to whip our security-defective company into military shape. “I will not allowwhat happened at Fine Paper Musings to happen to us,” he says, arms folded, his expression stern.
My heart sinks. When Calvin’s invested in something, he’s a bit like Ash with one of those laser pointers, singularly focused on chasing the red dot. It appears Calvin’s current red dot is the company’s security risk. System outages, data loss, workflow disruption, lost revenue—they’re all, no doubt, doing a merry dance inside Calvin’s terror-stricken brain.
I hold back a groan. It looks like we’re going to be up to our armpits in all things security related for the next six months.
Calvin gestures for Aaron to continue.
With a nod, Aaron says, “What’s not in the headlines is that the data breach at Fine Paper Musings was caused by a phishing attack.”
Mark’s hand creeps up. “I don’t understand. Fishing?”
“Phishing with a p–h,” Aaron explains, “not fishing with an f.”
We stare at him blankly.
Our reaction doesn’t seem to surprise him. “Phishing is a cybersecurity scam where hackers pose as reputable businesses or people in order to trick you into opening email attachments or clicking on malicious links so they can steal sensitive information.” His gaze sweeps the room, touching every one of us with its seriousness. “Research shows that one in three employees will fall for a phishing scam. I’m here to implement a cybersecurity awareness training program that will teach you how to identify a phishy-looking email.”
Cybersecurity awareness training program. What a mouthful. That means it’ll probably be technical and boring, and about as enjoyable as a bikini wax.
As the significance of his words begins to sink in, there’s a palpable sense of relief all around the conference room that no one’s being laid off, but also a collective slumping of shoulders.None of us dare say anything, though. Not with Calvin glaring at us like we’re all about to personally lower the drawbridge so cyber marauders can loot and destroy his precious company.
I don’t know if it’s just me, but the vibe I’m getting from this Aaron guy is that he’s the big-city slicker come to educate a bunch of small-town, computer-illiterate idiots. It’s not only the expensive cut and fabric of his suit. It’s the condescending tone in his voice that grates me. Honestly, I think we’re smarter than he gives us credit for.
I shift in my seat. Out of the corner of my eye, I catch Kenzie subtly shaking her head.Please keep quiet, her head shake begs me.
It’s good advice. Right now, my goal should be to not draw attention to myself for the rest of the meeting, but my smart mouth has other ideas. “Instead of training,” I say, “why don’t we install really good security software to protect us?”
Subtext: Why does Aaron Sinclair have to be here for six long months?
Aaron narrows his eyes at me. Ah, a man well versed in reading subtext. Excellent.
I shoot a quick glance at a tight-lipped Calvin, who’s showing zero appreciation for my attempt to cut expenditure (and a certain smug individual).
“A phishing email can get past a firewall,” Aaron responds, his voice holding a faint edge, “and untrained staff will click on that mail. Every single one of you is a prime target for a cybercriminal. All it takes is one misclick.”
Well, that sounds a touch dramatic. I must have rolled my eyes a little too violently, though, because Aaron’s frown is immediate. He’s clearly annoyed that I’m not nodding along like all the other well-behaved employees in the room.
“Do you disagree?” He leaves a deliberate pause.
“Tess,” I supply, knowing full well he’s perfectly aware of my name since Calvin mentioned it less than a minute ago. I doubt this is a man who misses details.
“Okay, Tess, so you think you would recognize a sophisticated phishing email?” There’s something in the softness of his voice that makes me uneasy.
“Yes, I do,” I answer, projecting a confidence I’m no longer feeling, but I’d sooner bite my tongue than back down now. He waits in silence for me to make my point and I oblige. “Those sorts of emails are easy to spot since they’re typically riddled with poor grammar and misspellings.”
Our eyes lock in a silent contest of wills.
“Last week, I ran a number of simulated phishing attacks,” Aaron says after a moment, holding my gaze. “One person took the bait and clicked on one of the compromised emails. If this was a real cyberattack, that person would have shut down the company’s entire network.”
The tension in the room elevates. A ripple of nerves shoots through me, but at the same time I’m fairly confident it wasn’t me. I don’t just randomly click on strange emails.
