Information Life Cycle [CISMP]
Agent Smith: Malware

In this course on malicious software, you will learn about the various types of malicious code in detail and contrast the different types before looking at the countermeasures used to combat them. You’ll also encounter non-technical controls and see the OWASP Top 10 security threats.


Voiceover: Smith can't really believe their luck. They'd planned to leave, but in the corner of the second floor, not too far from the filing cabinet and breakout area, there is an open door with the managing director's name and title on it. The door is open and there's no one inside. Casually, Smith enters the office and gently closes the door behind them. After digging in their backpack for a moment, Smith pulls out what looks like a normal HDMI cable, a standard cable used to let computers display an output on a monitor, and in some ways, it is an HDMI cable, but it's also a keylogger. This device can capture every keystroke and click and send that information to a remote location. Given that this is a high-profile employee, Smith knows that the information they'll be typing will be highly valuable. After replacing the cable, Smith checks that no one is on-site and leaves without a backwards glance.

Mark: So, the hacker has identified-, it's an-, it's an opportunist. He's identified a big fish. A managing director is the big fish. Now, this type of attack is called whaling, where we go for the big fish. It doesn't have to be the managing director, it can-, usually, it is the managing director. It can also be their PA as well. He's seen an opportunity and he's got a bit of equipment with him, so he can see a docking station and he knows, potentially, this person is going to come in the office at some point and probably plug his laptop into it, and there are cables available to us where we can either use VGA cables, HDMI or PCI cables. These are ones that display things on the screen, but they can also key log you as well. So, just by replacing the cable itself, so when this person comes into the office, plugs their laptop in, they're none the wiser and they start continuing, typing their credentials in, and all that information is captured on that cable itself. There's quite a few other cables that can do a very similar thing to that, but that's what-, basically what's happened in this type of attack.

So, training and awareness of, of-, for the staff themselves. Awareness of these types of activities going on, which would lead into-, the people who are not authorised to be on the premises, challenge people who are not wearing badges, and I've tried that myself in certain areas where I've deliberately taken my badge off to see if people would challenge me. And within about three or four minutes, I got challenged, which was really good to do that. Other thing that would be probably the best would be a technical control, and that will be using closed-circuit TV, and that would be a deterrent and, also, it would be a detective control. So, it's a deterrent. So, if people know they're being monitored, that might put them off, and detective, you identify the perpetrator installing, potentially, things they should not have done. And that would've been, probably, the best thing in that scenario.

