State of security: Human error and remembering the essentials

Discussion in 'other security issues & news' started by ronjor, May 5, 2016.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,763
    Location:
    Texas
    https://www.helpnetsecurity.com/2016/05/05/state-of-security-human-error/
     
  2. quietman

    quietman Registered Member

    Joined:
    Dec 27, 2014
    Posts:
    491
    Location:
    Earth .... occasionally
    Good article, but not surprising.

    "This human element is perhaps the most perplexing to guard against."


    Sadly, it is the same old story.
    By far the biggest security threat is the one sitting in front of the machine.

    I always give clients the standard advice after fixing their systems ...
    use an AV (pay for it if it makes you feel better) and make sure that it is running (along with a firewall).
    Keep your system and apps updated, and read, and think before clicking anything that mentions "Install"
    or "Download".
    And do not log in as Admin.
    This gets ignored more than anything else ... it is often taken to mean "You are not to be trusted with sharp knives".

    It always reminds me of what the doctors say ...
    ... cut down on alcohol, tobacco and fatty foods, eat more fruit and veg, and take more exercise.
    And like them, I feel certain that the advice is forgotten or ignored before the door closes.

    But looking on the bright side ... there would be a lot of broke doctors and computer techs
    if everybody acted on good advice :)
     
    Last edited: May 5, 2016
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,763
    Location:
    Texas
    Which leads to things like this.
    http://www.tripwire.com/state-of-se...rminated-after-falling-for-w-2-phishing-scam/
     
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Most notable from the Tripwire article:

    “If you fire every employee who clicks a Phish you will soon have no employees,” commented Cris Thomas, security expert and Strategist at Tenable, as quoted by Salted Hash. “While anti-Phishing training may reduce the number of incidents, it will never be 100-percent effective. It only takes one person to click, even by mistake. You need to assume that a Phish will succeed, that bad guys will get in. It’s what you do after the attack that matters.”
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047
    Sad thing about this is that in many cases, the environment set by the CEO creates the problem. There was an incident a while back where a financial officer got an email from the CEO, ordering her to transfer out several million dollars. Something didn't feel right about it, so the officer queried the CEO, and indeed the email was bogus. But this CEO created an environment where the financial officer felt free to challenge. In a lot of situations, the environment is one of fear and the employee is too afraid to challenge the CEO. Bye bye money, but where does the fault lie?
     
  6. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    File the article in "There is nothing new" box. The human element has been recognized for many years.

    Remember when Mac users were supposed to be invincible?

    In 2007 (nine years ago!), an isc.sans.org diary reported on the first Trojan for Mac in the wild:
    About a year later, Marco Giuliani wrote in a prevx.com blog,
    I'm not willing to say that there is no solution, but the prospects for a solution are not encouraging.

    ----
    rich
     