[ISN] It's the human threat, stupid

From: InfoSec News <alerts_at_private>
Date: Wed, 18 May 2011 03:36:54 -0500 (CDT)

By George V. Hulme
May 17, 2011

Anyone who has worked to defend enterprise secrets from theft knows that 
the answer to success certainly doesn't come from technology alone.

Few know this better than Eric O'Neill. O'Neill is the former FBI 
operative who worked as an investigative specialist and played a crucial 
role in the arrest and conviction of FBI agent Robert Hanssen for spying 
against the U.S. for the former Soviet Union and Russia. The 2007 movie 
"Breach" was based on O'Neill's experience investigating Hanssen.

"The human element is usually the weakest link," O'Neill said yesterday 
at the 2011 Computer Enterprise and Investigations Conference (CEIC) 

That's not to say IT security isn't important. It is. In fact, the 
forensic analysis of a Palm Pilot played a crucial role in the 
apprehension of Hanssen, as it detailed the location and time of his 
next drop to the Russians. And the explosion of electronic devices has 
become crucial to fighting both the spying of nations and of corporate 
espionage. "Spies previously had to first photocopy or photograph the 
material they wanted, then make arrangements for drops and payments," 
O'Neill said. "Today they just capture it on their phone and email it to 
anywhere in the world."

It's also probably no surprise that an attacker today is likely to start 
their attack with their web browser. "When you think of hackers, the 
hackers will spend some time social engineering their targets rather 
than spend hours of hacking," he said. "If I were to try to steal from 
you, I would examine your personnel, and today I'd start on Twitter, 
Facebook, and look at as many people involved with you that I can find," 
O'Neill said. "I would look for people who talked about how they hated 
their boss. I'd find out where they like to hang out and I'd go see what 
they had to say," he said.


Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery 
Network, Cisco Switches, SAS 70 Type II Datacenter. 
Find peace of mind, Defend your Critical Infrastructure.
Received on Wed May 18 2011 - 01:36:54 PDT

This archive was generated by hypermail 2.2.0 : Wed May 18 2011 - 01:56:34 PDT