PRESS ROOM

Mission | Officers and Board | Staff Biographies | Press Room

Socrates Institute President Mary Radnofsky Speaks at The World Bank's International Financial Corporation "Security Awareness Day"

Alexandria, VA -- The Socrates Institute's founding president, Dr. Mary Radnofsky, gave the invited speech at this year's Security Awareness Day at the International Financial Corporation (IFC) in Washington, D.C. The IFC is the private sector branch of the World Bank Group. Dr. Radnofsky spoke about computer crime cases involving both traditional phishing and the increasingly serious problem of "Corporate Phishing." While most attendees indicated they are aware of how phishing scams generally work, most were not at all familiar with the less frequent, but much more damaging "Corporate phishing."

Dr. Radnofsky explained that such "Corporate Phishing" (aka "targeted" or "spear" phishing) get employees to answer what appears to be a legitimate company survey or request for information at a website or in an email,. As a result, they expose their computers to trojan horses and worms silently installing themselves, embedded in images or other files. The hidden programs then remain dormant until that user visits a certain website, where emails and entire databases are then downloaded into the cybercriminal's own computer. "The danger," says Dr. Radnofsky, "is that these worms and trojan horses are almost undetectable because they don't cause immediate destruction, so no one notices, and the infected computer is accessible to a cybercriminal for months. Stolen information is then used for industrial espionage, fraud, extortion, and a host of other federal offenses.

Dr. Radnofsky reassured the audience, though, that, "Such worms and other corporate phishing attacks can be defeated, even if we have to do so time and time again." But this ongoing struggle is to be expected, she said, as young people enter the workforce. "That's why educating the employee is essential. The Socrates Institute has been researching and developing a cybereducation program in cyberethics, safety, and security for the past three years," Dr. Radnofsky said. "We know that educational simulations such as controlled cyberattacks give employees the chance to make tough decisions - sometimes the wrong decisions --- but to do so in a secure environment in which they can learn how to do the right things. That way, when they go out onto the unprotected Internet or Intranets, they are better prepared to recognize fake emails, avoid phishing scams, safely download documents, and accurately report suspicious activity, making them better employees."

She concludes, "All it takes is a plan --- which must include, at the very least --- technology innovation to match the cybercriminals' latest scams, law enforcement through international cooperation, and hands-on cyber education for everyone in the company."

The Socrates Institute
P.O. Box 23751
Alexandria, VA 22304
phone: 703-823-2135
email: info@socratesinstitute.org

CyberEthics Project