The Jargon Of Spyware Hacks
Pegasus appears a military-grade Israeli made app used by nation states to snoop on individual phones.
In the news due to a supposed, possibly rogue, fifty-thousand phone hack, harvesting everything each phone user has done.
If you are in the small minority (outside of China, whose own hacking outfit, Hafnium targets overseas and more besides) for whom a government may fear you a person of interest, then your phone may well be targeted using such software.
Beyond hacking immorality, I was recently intrigued to discover more of the language that has built up around this cybersecurity sector.
Many of the terms could have direct relevance to our own forecast management.
Take for instance IOCs; indicators of compromise.
From seeing a pop-up you didn’t ask for or a mouse moving around your screen without your consent, to profile changes or log-in issues, there are many.
And these can mean you are compromised. Contacts and messages downloaded, cameras on all the time.
The extent to whether these are monitored ‘live’ apparently depends where you are at in the ‘attack chain’.
Such spyware is covert. You don’t realise it places itself on your phone. And operates – fully undetectable – in what’s called fudded mode.
To assess whether you are vulnerable, you are advised to ‘properly threat model it’. And understand your threat level accordingly.
I have come across the concept of IOCs down the years as KSIs; key security indicators.
Where this key component of funnel management involves focus on client retention. Your likelihood of not keeping an account, losing a bid expected to be retained or penetration of your share of a client spend.
I found it a worthy addition to account management.
There’s an argument here to extend this into new business.
What are the IOCs suggesting a competing bid may be muscling in? Are there typical questions coming your way signifying traps set by them? Do your prospect senior execs meet more frequently with other options? Down to even, who uses the branded pens of your competition in their office?
An attack chain is interesting too. Because it suggests that the more and real-time scrutiny someone gets, the more dangerous they may be. Who might be asking all the awkward questions? Setting tasks at once all of tricky, misguided and strange? Demands instant replies to questions meriting considered, lengthy, nuanced responses?
Fudded mode feels akin to stealth mode. How easily can you make progress that sticks, without those perhaps opposed being aware? That CEO call, the golden data reveal, unique delivery team engagement?
Finally, how do we threat model our potential business properly?
Do we know what the threats are? How to spot them? And how to protect against them?