The Human Factor of Targeted Attacks

This week Raimund discusses how the human factor and social networks play a part in targeted attacks.

[transcript]
Thanks to social networks it is easy to identify prime victims within enterprises and send them a message with a poison pill, a malicious attachment or malicious link. But that’s not all. We see more and more attacks actually via a phone and, based on the accents, they are conducted by sweat shops out of India.
Our UK office receptionist received a bunch of it. Luckily she works for a security company and is security aware, so she didn’t reveal any information about our staff. Ask yourself what are your corporate policies regarding social networking. Is there even one? If there is one, did you clearly define what company-related information would be shared? Did you conduct a social media threat awareness campaign to educate the staff about the negative effects about revealing information or about Facebook clickjacking?

You don’t want to stop the usage of social networks. They have their benefits but as with every cool and new, comparing to e-mail it’s a new technology, we need to learn how to manage it. How much is the user reputation negatively affected if he or she falls prey to the latest clickjacking wave and all of a sudden posts porn text? Telling your friends later that it wasn’t on purpose but a piece of malware. Too late! The social media reputation just went to hell.

As security professionals it’s really our responsibility to protect our company assets, so education, user-awareness is key. And it’s part of our job to protect not only our company reputation, I believe, but also the reputation of our staff. So please start to add to your corporate policies and then start a campaign about social networks and how easy social engineering is because users simply share too much. It starts with the web world, with us as human beings. We just want to trust others. So in terms of key security we always have been the weakest link and we always will be the weakest link.
That’s life.



No Responses to “The Human Factor of Targeted Attacks”

  1. [...] level of targeting and sophistication are results of prior knowledge gained by the attackers and not necessarily caused by some technical brilliance with regard to the tools and methods [...]

  2. [...] bottom line is that everyone online—that means you and me, reader—has to be responsible for their data. Too many sites ask for too much information, which you may not want them to know. Does a message [...]

  3. [...] iPhones, and other mobile devices. If the IT staff has not properly planned for this contingency, serious security problems will definitely present [...]

  4. [...] events demonstrate that in addition to targeted attacks that encourage users to open malicious attachments, usually .PDF and .DOC files, attackers are also [...]

  5. [...] Source: Trend Micro – CTO Insight Blog, Post by ctaylor Comments [...]

  6. [...] attack, depending on the weaknesses found. The weakness may be an infrastructure security hole or a good old human vulnerability and the attacker will use the appropriate means to get inside the network. After that, the attack [...]
