The Pope Wears Balenciaga

Or does he? And what in the world does that have to do with security?


Hola, mis amigos, otra vez! This one crossed my desk a while ago and given my love of all things Spanish, it tickled my sense of humour although it’s a huge red flag for security and trust in general, so it’s worth a quick note.  

An image appeared on the internet of the Pope decked out in Balenciaga, a luxury Spanish clothing brand. The internet nearly broke at the very thought of this. For about a 24-hour period, before a press release was issued stating that the image was fake, everyone lost their marbles over how dapper he appeared, with others commenting that the church had gone literally “to hell in a hand cart”, “just as they expected”. Yikes.

As indicated, in the end, it turned out (not surprisingly) to be an AI-generated image by a company called “Midjourney”, basically to demonstrate, very ably, the advances in artificial intelligence over the last 12 months.

What lessons can we learn from this? Well, lots of things really, but I think the biggest is this: if it takes a full 24-hour news cycle to get to grips with the unlikely nature of the Pope bedecked, head to toe, in Balenciaga, how much more effective will these AI methodologies be in the 0.5 seconds between an email arriving in your or your staff’s mailbox and you or them making the decision whether or not to open it?

We discuss phishing nearly constantly these days as it represents, by far, the biggest risk of data loss and the entrance of ransomware into your business. Some people, maybe a bit like me, are deeply sceptical of everything. Probably not a bad prima facie view for a security-minded person, but many of your users have the instincts of a chameleon catching a fly when it comes to opening mail in their inbox. I have run tests in the past, even against our own staff at times, where the amount of time spent examining email before opening borders on pre-cognition.

Building your human firewall and a healthy degree of scepticism in staff is a top priority. Maybe just as big of a problem is identifying the users who need some re-education. 

It means drilling into staff the ideas of:

  • Was I waiting on this email? 
  • Is it appropriate for me? 
  • Is it in character for the sender?  
  • Even if it’s right, can I take 10 seconds and check verbally with the sender if I am being asked for credentials when I don’t expect to be? And, no! Don’t call anyone on the number in the potential scam email. That goes without saying, surely.

This last one is probably the biggest single item. We are often afraid of looking like an idiot but trust me when I tell you that there is little more likely to make you look like an idiot than not checking first. You need to tune your sensors to follow your gut. Often, you sort of knew but went ahead anyway. 

It is becoming more common to have “End User Awareness” training for your staff to help them practise and fail in a safe environment. I like to think of this in terms of training your gut, as I feel many users lack this element. It also has the benefit of allowing you to focus attention on those who are repeat offenders and focus your efforts on them. Feel free to reach out if you think you and your staff are in need of some security training by emailing or calling 028 9442 7000.  
