Security procedures have been tightened in Downing Street following the revelation that the Prime Minister received a hoax call from someone claiming to be GCHQ head Richard Hannigan.
A government spokeswoman said:
“Following two hoax calls to Government departments today, a notice has gone out to all departments to be on the alert for such calls.
“In the first instance, a call was made to GCHQ which resulted in the disclosure of a mobile phone number for the director.
“The mobile number provided is never used for calls involving classified information. In the second instance, a hoax caller claiming to be the GCHQ director was connected to the Prime Minister.
“The Prime Minister ended the call when it became clear it was a hoax. In neither instance was sensitive information disclosed.
“Both GCHQ and Number 10 take security seriously and both are currently reviewing procedures following these hoax calls to ensure that the Government learns any lessons from this incident.”
“No harm was done, no national security was breached”
At first glance it doesn’t seem like much of a story – PM receives hoax call, PM hangs up, no harm done – and that’s certainly the way David Cameron wants to play it.
But it’s more than a minor embarrassment for GCHQ and Number 10 at a time of heightened national security and controversy over increased surveillance.
Phishing the First Lord of the Treasury
It’s also a timely reminder that information security isn’t just about secure access to computer files. Phishing, in which criminals masquerade as legitimate entities – usually online – in order to dupe unwitting targets into revealing valuable information, is a very real problem for organisations worldwide.
- The 2015 Cisco Annual Security Report emphasises the fact that “Users and IT teams have become unwitting parts of the security problem.”
- Ponemon Institute’s 2015 State of the Endpoint Report: User-Centric Risk found that 78% of IT professionals consider negligent or careless employees to be the main reason for poor endpoint security.
As technological responses to information security threats become more effective, staff are increasingly becoming a very real security risk.