IT security - are employees weak links or essential to data protection?

Date Added: November 25, 2011 11:01:10 AM
Author: Astal Mark

HUMAN CURIOSITY

Social networking sites make it easy for attackers to gain useful insights and launch spear-phishing emails that appear to come from trusted sources. The emails contain attachments on topics of interest to recipients. Once opened, a Trojan jumps aboard and gets to work. Sadly, SPAM filters aren’t much help here: a recent phishing experiment using fake LinkedIn invitations from Bill Gates bypassed all the spam filters used to test them.

Often, the problem is a more basic one: the March 2010 MAAG Email Security Awareness and Usage Survey found that 50% of email users opened or accessed spam, clicking on their links or attachments. Nearly half of them did so because they were curious about what was being offered.

In January 2011, Vodafone was reprimanded by the Australian Privacy Commissioner after employees placed billing and call records on a website protected only by password. Employees can be the weakest link in the chain of data protection, and better user education should be part of your security strategy.

INSIDER THREATS

One of the biggest threats comes from disgruntled employees seeking revenge by stealing information. The problem is worse if they have high level access, like IT staff or senior managers, since they know your systems and how to get around them. Because of this, insider theft and the consequences are often not detected at the time. In the Hilton Hotel-Starwood case in the USA in 2009, for instance, the theft didn’t come to light until the stolen trade secrets were used against Starwood, much later.

It’s not always high-ranking employees and they aren’t always motivated by profit: just think of Bradley Manning, the US Private who leaked 400,000 sensitive Department of Defence documents to WikiLeaks in 2010. Like the Starwood case, it wasn’t detected at the time. Manning’s action was only discovered after he bragged about his exploits in an online chat.

WHY TRADITION CAN’T WIN THE GAME

In all these examples, large organisations and cyber security budgets were in place, along with comprehensive defence systems, so why did data protection systems fail so easily? It looks like traditional security solutions may stop the cough, but not the cold. Today’s cyber criminals are smart enough to outwit ‘set and forget’ security solutions every time. If:

• Familiar websites can launch Trojans without the user even knowing;
• Curious users can click on spam attachments and unleash malware; and
• Trusted insiders can circumvent your security systems,

maybe a smarter approach is needed - one that matches wits with the perpetrators. As new threat forms constantly evolve, it’s almost impossible to anticipate the next one, and zero-day is already too late. So, if you can’t prevent hostile social engineering or exclude all forms of malware, a smarter approach would be to find and stop activities as soon as they launch, regardless of the malware form.

HOW SMARTER SYSTEMS CAN TURN THE GAME

As Verizon puts it, effective data protection means taking steps to ‘make sure there are enough people, adequate tools, and/or sufficient processes (are) in place to recognize and respond to anomalies.’ In practice this means to:

• Identify activity outside of the norm, as soon as it starts;
• Correlate it with other events as they occur to assess context and risk;
• Analyse events across multiple dimensions to confirm severity of the threat;
• Alert IT staff to the location and extent of the threat; and
• Launch a response immediately, not hours or days later.