Worried about sophisticated attacks, agencies ignore low-tech threats

[InfoSec News <alerts () infosecnews org>]

http://gcn.com/articles/2011/08/30/endpoint-security-low-tech-threats.aspx

By William Jackson
GCN.com
Aug 30, 2011

Sophisticated attacks using Advanced Persistent Threats are top of mind for 
nearly two-thirds of government IT officials in a recent security survey, but 
too little attention often is being paid to the low-hanging fruit being 
exploited by low-tech attacks.

“The results reinforce what we have known for a while,” said Dan Brown, 
director of security research for Bit9, the security company that did the 
survey. “The bar is not as high as we would like to think.”

The survey showed what Brown called “gaping holes” in security policy and 
practices that can let malicious code into an enterprise through unmanaged 
devices and downloading of applications.

Although most government organizations and defense contractors represented in 
the survey restrict some administrative rights of end users, 7 percent have no 
restrictions, and security too often relies on written policies without 
enforcement. As a result, two-thirds of respondents allow some downloading of 
software and 40 percent of them found spyware on computers. Nearly a third of 
them found known viruses and malware, as well as some zero-day exploits.

[...]

_____________________________________________________________
Register now for the #HITB2011KUL - Asia's premier
deep-knowledge network security event now in it's 9th year!
http://conference.hitb.org/hitbsecconf2011kul/