Employees don't mean to be the primary entry point for hackers. But they are.
We are the weakest link.
Hacking attacks against companies are growing bigger and bolder—witness a string of high-profile breaches this year at Sony Corp., Citigroup Inc. and others. But gone are the days when hackers would simply find holes in corporate networks to steal valuable data. Large companies have grown wise to the threat of hacking, and have spent the past 30 years hardening the perimeters of their networks with upgraded technology.
"The security gap is end users," says Kevin Mandia, chief executive of security firm Mandiant Corp. The majority of corporate security breaches his firm is currently investigating involve hackers who gained access to company networks by exploiting well-intentioned employees.
Consider what happened in March at EMC Corp.'s RSA security unit, the maker of computer login devices used by thousands of other companies. A hacker sent emails to two small groups of employees that looked innocent enough, including a spreadsheet titled "2011 Recruitment plan." The message was so convincing that one employee retrieved it from the "junk mail" folder and then opened the attachment. Doing so introduced a virus inside RSA's network that eventually gave the hacker access to sensitive company data and enabled later attacks against RSA's customers.
Employees have more opportunities than ever to compromise company information. We not only screw up by clicking on emails from hackers that download viruses, letting them bypass corporate firewalls. We also open a Pandora's Box of security problems by circumventing company tech-support rules and doing work with personal gadgets and consumer-grade online services like Web email and cloud storage services.
Closing these holes is proving very difficult, security experts say. But companies keep fighting. To stop potentially dangerous employee habits, they're testing new tools to keep track of what's happening on their networks and rolling out employee education programs.
To Continue Reading: Click Here
--------------------------------------
Source: The Wall Street Journal
By: Geoffrey A. Fowler
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment