T 0.35 Coercion, Extortion or Corruption

Coercion, extortion or corruption may affect the security of information and business processes. Using threats of violence or other detriments an attacker can, for example, try to make the victim disregard security guidelines, or to circumvent security measures (coercion).

Instead of threatening, attackers can also purposefully offer employees or other person's money or other benefits to make them an instrument for security violations (corruption). For example, there is a risk that a corrupt employee will forward confidential documents to unauthorised persons.

In principle, by coercion or corruption, all basic parameters of information security may be affected. Attacks can be aimed at, amongst other things, forwarding confidential information to unauthorised persons, manipulating business-critical information or disrupting the smooth execution of business processes.

Particular danger exists if such attacks are aimed against high-profile executives or persons in special positions of trust.