The Four Most Common Security Dangers - InformationWeek
IoT
IoT
Infrastructure
News
9/6/2005
09:18 AM
50%
50%
RELATED EVENTS
[Dark Reading] Cybersecurity Crash Course
Jan 11, 2018
Keeping up with the every changing world or cyber security can be exhausting. Dark Reading wants ...Read More>>

The Four Most Common Security Dangers

Social engineering, faulty procedures, technical abuse and insider trading rank as the four biggest threats. Learn more.

For all the complexity of security, the most common security dangers are downright mundane. They're not due to the arcane arts of the most skilled hackers or some cunning exploit; they're out there in plain sight.

"A successful attack depends on a combination of four things that don't have a lot to do with the attacker," says Forrester Research analyst Paul Stamp. "It's usually something like social engineering, a breakdown in process or the absence of process. It could have something to do with a simple technical vulnerability or insider abuse. But it's usually a combination of two or more of those four factors."

The thing that should send chills up the spine of anyone who manages a network open to the Internet -- which is to say, virtually all networks -- is the fact that all of these vulnerabilities can be easily caught and fixed. Because they're so common, obvious, or at least mundane, however, they are often the last place you'll look for danger.

Social Engineering: It's humbling to remember that superstar hacker Kevin Mitnick wasn't much of a code warrior. However, he was a first-rate social engineer who raised the "Hi, how are you, what's your password?" approach to network delinquency to the level of a black art.

With the constant warnings about protecting passwords and not opening unsolicited attachments, you'd think that network users would be wise to what is, after all, the oldest trick in the hacker's book. But they aren't. Stamp says, "You'd be surprised how often social engineering succeeds."

Just this summer, the British Department of Defence -- which should be on the list of people who should be wise to this -- was subjected to a targeted Trojan attack. "People were sent CDs with marketing material," Stamp says. "In fact, it installed a targeted Trojan that collected confidential information."

The bottom line is that even smart people can be sucked-in by social engineering. The first step toward protection, Stamp says, is as basic as education. "It truly is a boring recommendation, but we have to educate users and back that up with action," he says. "The time has passed for us to tolerate fools. We have to be serious about this and take disciplinary action against people who don't do what they're supposed to do. The stakes are too high."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
2017 State of IT Report
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Register for InformationWeek Newsletters
White Papers
Current Issue
Digital Transformation Myths & Truths
Transformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll