Wednesday, June 15, 2016

Social engineering continues to be an issue

Attackers are constantly looking for areas to exploit. These may be poor coding, newly found vulnerabilities, USB drives dropped at the target’s work site, and other areas that may prove fruitful for the attacker. Unfortunately, this continues.
The focus continues to be on the users, and specifically on their lack of appreciation for information security. In previous studies, college students were offered a nominal trinket in exchange for their password. A significant share of the students provided their ID and password. When a person is offered some form of consideration, there is a tendency to feel obligated to return the favor. This simple manipulation continues to be successful on various levels.
A recent glaring example of this occurred in a study performed by the University of Luxembourg (Nelson, 2016). People were approached on the street, asked for their password while being given a chocolate, and then asked for their opinion on information security. Simply by being asked a question and offered a chocolate, 44% of the subjects provided their private, confidential password and the path to their personal data.
This recent research study exemplifies the ongoing issue of users not appreciating information security or its far-reaching effects. There continues to be a need for ongoing education and training. Even Mark Zuckerberg’s password for Twitter and Pinterest, prior to being hacked, was not complex: "dadada" (McMillan, 2016).
Unfortunately, users still view information security as an inconvenience until their identity is stolen. At this juncture, users and consumers begin to think back to what they may have done to allow this. The security community still needs to provide real-world examples of what has happened to others in the corporate world and of what someone could do with the information users place online, of their own volition, on social media. The days of the annual information security meeting with bland PowerPoint slides showing data have passed. Users need to be engaged during the training to increase the likelihood that they remember and use the methods needed to lower the risk.

References

McMillan, R. (2016, June 6). Mark Zuckerberg’s Twitter and Pinterest accounts hacked. Retrieved from www.wsj.com/articles/mark-zuckergers-twitter-and-pinterest-accounts-hacked-1465251954
