Information Security News mailing list archives
The human OS: Overdue for a social engineering patch
From: InfoSec News <alerts () infosecnews org>
Date: Tue, 14 Oct 2014 08:40:15 +0000 (UTC)
http://www.csoonline.com/article/2824563/social-engineering/the-human-os-overdue-for-a-social-engineering-patch.html By Taylor Armerding CSO Oct 13, 2014It sounds like the operating system that really needs some serious security patches is the human one.
While technology giants like Microsoft, Google and Apple regularly crank out updates, patches and fixes for zero-day vulnerabilities and other threats, the weakest link in the security chain -- the careless or clueless employee -- remains the weakest.
That is in large measure because there is no technology that can prevent someone falling for increasingly sophisticated social engineering attacks. As has been regularly reported during the past year, some of the biggest data breaches in history have been launched by attackers fooling an employee.
And that is despite years of exhortations by experts that worker security awareness training needs to be much more than a perfunctory lecture or PowerPoint presentation once every six months or so.
In a recent flash poll conducted by Dark Reading, more than half of 633 respondents said, "the most dangerous social engineering threat to their organizations was due to a lack of employee awareness."
[...] -- Evident.io - Continuous Cloud Security for AWS. Identify and mitigate risks in 5 minutes or less. Sign up for a free trial @ https://evident.io/
Current thread:
- The human OS: Overdue for a social engineering patch InfoSec News (Oct 14)