Security News > 2011 > May > It's the human threat, stupid

It's the human threat, stupid
2011-05-18 08:36

http://www.csoonline.com/article/682445/it-s-the-human-threat-stupid By George V. Hulme CSO May 17, 2011 Anyone who has worked to defend enterprise secrets from theft knows that the answer to success certainly doesn't come from technology alone. Few know this better than Eric O'Neill. O'Neill is the former FBI operative who worked as an investigative specialist and played a crucial role in the arrest and conviction of FBI agent Robert Hanssen for spying against the U.S. for the former Soviet Union and Russia. The 2007 movie "Breach" was based on O'Neill's experience investigating Hanssen. "The human element is usually the weakest link," O'Neill said yesterday at the 2011 Computer Enterprise and Investigations Conference (CEIC) 2011. That's not to say IT security isn't important. It is. In fact, the forensic analysis of a Palm Pilot played a crucial role in the apprehension of Hanssen, as it detailed the location and time of his next drop to the Russians. And the explosion of electronic devices has become crucial to fighting both the spying of nations and of corporate espionage. "Spies previously had to first photocopy or photograph the material they wanted, then make arrangements for drops and payments," O'Neill said. "Today they just capture it on their phone and email it to anywhere in the world." It's also probably no surprise that an attacker today is likely to start their attack with their web browser. "When you think of hackers, the hackers will spend some time social engineering their targets rather than spend hours of hacking," he said. "If I were to try to steal from you, I would examine your personnel, and today I'd start on Twitter, Facebook, and look at as many people involved with you that I can find," O'Neill said. "I would look for people who talked about how they hated their boss. I'd find out where they like to hang out and I'd go see what they had to say," he said. [...] ___________________________________________________________ Tegatai Managed Colocation: Four Provider Blended Tier-1 Bandwidth, Fortinet Universal Threat Management, Natural Disaster Avoidance, Always-On Power Delivery Network, Cisco Switches, SAS 70 Type II Datacenter. Find peace of mind, Defend your Critical Infrastructure. http://www.tegataiphoenix.com/


News URL

http://www.csoonline.com/article/682445/it-s-the-human-threat-stupid