http://www.darkreading.com/insider-threat/167801100/security/security-management/240142363/four-ways-to-turn-insiders-into-assets.html By Robert Lemos Contributing Writer Dark Reading Nov 19, 2012 Jayson Street has few problems walking into businesses and getting access to sensitive company data. A vice president of information security for a bank by day, Street moonlights as a penetration tester at Stratagem 1 Solutions, a job at which he has yet to fail. At the CyberCrime Symposium in Portsmouth, NH earlier this month, Street illustrated all the ways that attackers can gain physical and network access to corporate computers, from tailgating to get physical access to custom USB drives to infect workers' systems to phishing employees to gain network credentials. He stresses that his success is not due to his skill in social engineering workers, but the employees lack of preparedness to handle the strategies used by the bad guys. "This is stuff that anybody can do with any kind of skill level," he said. Companies need to stop solely focusing on preventing attacks and invest effort in detecting when attackers have breached their systems. A good way to do that is to train employees to better recognize threats and respond to potential security issues in the proper way, turning worker from liabilities into assets. [...] ______________________________________________ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.orgReceived on Tue Nov 20 2012 - 02:06:34 PST
This archive was generated by hypermail 2.2.0 : Tue Nov 20 2012 - 02:19:25 PST