Defending against social engineering should be a top priority
It has emerged that malware loaded onto a USB flash drive led to the worst U.S. military breach ever. And though the recently declassified event took place some two years back, it probably comes as no surprise that an unrelated report from PandaLabs identified one quarter of all worms as spreading via infected USB storage devices.
While it is tempting to point the finger at Microsoft (NASDAQ: MSFT) or security companies, the truth is that Windows 7 no longer launches executables upon the insertion of new flash media. So how could such a large percentage of infections still be caused by the use of USB storage devices? My theory is this: Users are still launching applications without regard to the dangers, and are being either tricked or cajoled into doing so.
In fact, the scattering of USB flash drives around a company's parking lot is a ruse that has actually taken place in the past. It is not hard to imagine employees picking these USB devices up and then trying to view their contents on their workstation--perhaps in an attempt to return the storage devices. Whatever the intent though, their actions could potentially jeopardize their corporate networks.
Even right now, I have a laptop sitting on my desk that has been plagued with rogue software--a type of malware that poses as legitimate security software. Based on my investigation, I concluded that the owner (a friend of mine) was tricked into installing malware masquerading as security software. Instead, this "security software" is now periodically discovering all manner of fictitious malware, launching a new window that helpfully offers various paid "upgrade" options as the remedy.
As I reported previously, companies targeted as part of a social engineering contest at the recent DEF CON 18 Hacking Conference more than amply prove that businesses are not prepared for such attack vectors. My point here is simple: Social engineering can and has been successful in facilitating security breaches. Companies need to defend against social engineering if they are serious about security.
The only strategy that has a chance of defeating social engineering is user training. To stay secure, corporations need to start investing not only in the hardware and software that defend their computing infrastructures, but also in the heartware of their staffers. - Paul Mah (Twitter @paulmah)
© 2011 FierceMarkets. All rights reserved.




