Tuesday, December 11, 2007

Human beings are the reason for most security breaches!

If you think phishing is merely a financial crime, think again. Eleven employees at a nuclear research facility fell for a phishy e-mail, which appears to have been an attempt to steal information.

The New York Times reported:

A cyber attack reported last week by one of the federal government’s nuclear weapons laboratories may have originated in China, according to a confidential memorandum distributed Wednesday to public and private security officials by the Department of Homeland Security.

Although the article suggests China may be behind this attempt, it also suggests they have plausible deniability:

Security researchers said the memorandum, which was obtained by The New York Times from an executive at a private company, included a list of Web and Internet addresses that were linked to locations in China. However, they noted that such links did not prove that the Chinese government or Chinese citizens were involved in the attacks. In the past, intruders have compromised computers in China and then used them to disguise their true location.

I guess it might have been a host of undesirables trying to steal this information. A lot of Internet misfits redirect through China to do their misdeeds on the Internet.

What's scary is that eleven employees at a nuclear research facility clicked on a phishy e-mail and compromised sensitive material.

I recently wrote a post in which an official government audit revealed that 60 percent of IRS employees tested fell for a vishing scheme and gave up sensitive information.

Vishing is stealing information by telephone.

It was recently announced that private investigators are being indicted for vishing information in an illegal manner, sometimes referred to as pretexting.

All of these events would suggest that businesses and government organizations have a big opportunity when it comes to raising employee awareness on social engineering schemes that are used to compromise sensitive information.

It also illustrates that human beings are the common cause for most breaches of security!

New York Times article, here.

Here are the two previous posts on the IRS vishing test and the indictment of private investigators for using social engineering techniques:

IRS audit reveals that the human factor is one the greatest threats to information (computer) security

Private Eyes charged with aggravated identity theft
