It wasn’t that long ago that Firewall was released. In it, a security executive has his family taken hostage, with the plot being that the executive will help the criminals rob the bank that he’s spent years protecting or his family will be killed.
While I haven’t heard of this extreme happening in the real world, I wonder how far away we are from this. Recently, there was a less violent attempt at hacking, with someone offering a Tesla employee over US$1mm to slip ransomware into their network. The idea would have been to threaten Tesla with data release unless they paid up. The details are interesting, and supposedly the ransomware cost US$250,000 to build, but another company paid US$4.5mm to criminals, so maybe this would have been very profitable.
I’m sure there have been some shady offline attacks against companies and their executives or privileged staff. I hope there haven’t been any violent ones, but I am sure that something has happened somewhere in the world.
Ultimately, I bet that the best defense might be to limit the knowledge of who can access sensitive data, and perhaps even ensure that no one can. Only systems, and that all queries, all access, and certainly all backups, are handled by some automated system, logging everything. This might not prevent this movie plot from coming true, but maybe you’d get a similar ending, with the criminals caught quickly because some system logged the action and alerted people.
Security is a tough world to work in and think about constantly. Many of us know this, dealing with the stress and concern on a regular basis. Hopefully none of us add in the moral dilemma that might come from an actual criminal contacting us. If they did, hopefully all of us would be able to do the right thing.