January 19, 2015
OPEN A NEWSPAPER, turn on the news, go to your favorite website. Chances are you are going to see or hear something related to cyber security. Organizations and individuals alike are getting hacked, and confidential information is being stolen. I see companies relying more and more on hardware and software solutions. It is not enough. We are not treating the root of the problem.
If a child continually scrapes his or her knee, instead of simply providing a bandage it might behoove us to ask why the knee always ends up scraped.
In the context of cyber security, the answer is not always going to be more advanced hardware and software. I am in no way suggesting that we should avoid upgrading our systems or improving our hardware or software. However, we are neglecting the most important aspect of the information system, the human element.
Let’s look at it this way. You can have the safest car on the road, but in the hands of an accident-prone driver who simply shouldn’t be behind the wheel, chances are it is still going to crash.
The human element is easily forgotten when it comes to cyber security not only because it is difficult to quantify, but because when we think of cyber security we almost immediately think of Internet viruses and hackers typing away furiously at their keyboards in a dark, secluded basement.
As a penetration tester, it is my job to test the security of a system by viewing it through the eyes of an attacker. I quickly learned that when attempting to attack a system, it is easier to simply ask for the information you are trying to gather rather than spend the hours in front of a computer to hack your way in.
During one of these tests, a colleague of mine simply walked into the organization he was hired to test. He had nothing but a business card and a cable company uniform purchased off of eBay. Within minutes, he was given access to the server room and had the usernames and passwords of various employees.
You might argue that this scenario would never happen to you. But ask yourself: what would you have done differently? He was never questioned simply because he looked and acted the part.
Hackers manipulate our inherent trust by controlling the environment. If a hacker is able to gain your credentials or other sensitive information by sending a few well-designed emails, redirecting you to a website he controls, or getting you to download something on his behalf, then why spend the time writing complicated code? In other words, it’s easier to hack the human element than a computer system.
There is an exhaustive list of examples of how hackers can manipulate others into revealing confidential information. Trying to figure out how to combat each and every one would be a futile effort. Instead, I challenge you to learn basic security principles, how a cyber attack really works, and how to protect yourself.
Educate yourself so you are informed the next time you encounter an unfamiliar system. The lack of education is one of the biggest threats to the security of an organization, and one of the easiest to fix once identified.

Ian Lassonde is founder of Fifth Law LLC in Bedford.
© 2015 IT Security Alerts