Posted by: psilva | January 22, 2009

Blame it on the Brain


Not that it ever let up, but we continue to see breaches, hacks, attacks and malware incidents being reported almost daily. Botnets abound and the growth in targeted threats (adware, trojans, spyware, browser modifiers) is on the climb.

Companies are challenged to keep their infrastructure safe and are deploying various technologies to thwart the threat. The thing I find fascinating about some of the recent stories is that while some hackers are changing tactics, many of these incidents weren’t accomplished using any ‘advanced’ techniques to break in; they just exploited the human factor.

Human curiosity, willingness to help and general unawareness have helped the malware mania, and with these visceral times, we sometimes don’t stop and think of the ramifications of our clicks. I’m sure many of you have heard about the ‘Social Engineering, the USB Way’ story, where a consultant ‘seeded’ loaded USB thumb drives in a bank parking lot and watched (with his eyes) as employees grabbed them and watched (via returned emails) as they started to plug them into corporate workstations. The fake Obama website had a simple link with an eye-catching headline: ‘Barack Obama Has Refused to Be President.’ ‘What?!? No Way, I gotta read this story…’ Click – and the damage is done. It has been reported that the CheckFree breach was possibly due to a phishing scheme, and certain MITM (man-in-the-middle) attacks require the user to click through the certificate warnings.

2009 is certain to bring new infections to devices, new techniques to slip through firewalls, new social media outbreaks and probably a few more big names in the headlines – and F5 has plenty of solutions to solve emerging threats – but I also think simple Social Engineering threats will have a huge impact this year. There are many folks who might be anxious about their situation, and when we’re under a lot of stress, we don’t always think clearly. With all of the technological challenges facing IT departments this year, don’t forget about your users and how our brains work. These threats, while simple, require new education and refresher training, both to protect your infrastructure and, sometimes, us from ourselves.

ps
