|
Information Security News
mailing list archives
Four Ways to Turn Insiders Into Assets
From: InfoSec News <alerts () infosecnews org>
Date: Tue, 20 Nov 2012 04:06:34 -0600 (CST)
http://www.darkreading.com/insider-threat/167801100/security/security-management/240142363/four-ways-to-turn-insiders-into-assets.html
By Robert Lemos
Contributing Writer
Dark Reading Nov 19, 2012
Jayson Street has few problems walking into businesses and getting
access to sensitive company data.
A vice president of information security for a bank by day, Street
moonlights as a penetration tester at Stratagem 1 Solutions, a job at
which he has yet to fail. At the CyberCrime Symposium in Portsmouth, NH
earlier this month, Street illustrated all the ways that attackers can
gain physical and network access to corporate computers, from tailgating
to get physical access to custom USB drives to infect workers' systems
to phishing employees to gain network credentials. He stresses that his
success is not due to his skill in social engineering workers, but the
employees lack of preparedness to handle the strategies used by the bad
guys.
"This is stuff that anybody can do with any kind of skill level," he
said.
Companies need to stop solely focusing on preventing attacks and invest
effort in detecting when attackers have breached their systems. A good
way to do that is to train employees to better recognize threats and
respond to potential security issues in the proper way, turning worker
from liabilities into assets.
[...]
______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org
 By Date 
By Thread
Current thread:
- Four Ways to Turn Insiders Into Assets InfoSec News (Nov 20)
|
