Employees are Part of Your Security Infrastructure, Too
Informative article on cybercrime in the workforce and what you can do about it
via Osterman Research February 25, 2013, 10:54 am
“Most will agree that despite the enormous amounts spent on secure Web gateways, anti-virus software, cloud-based malware filtering and the like, users are still the weak link in the security chain. The primary reason for this is that increasingly they are the targets, often supplying the bad guys with the information they need by posting detailed personal information on social media and other sites. Moreover, bad guys can often harvest many of your company’s email addresses and use them to launch a phishing or spearphishing attack against your company’s employees. Smaller organizations are typically most vulnerable to attack because they often lack the budget or expertise to thwart sophisticated attacks.
“As just one example of what can happen to a company, a cybercriminal could launch a spearphishing attack against a small company’s owner or other senior executive for the purpose of infecting his or her PC with malware, such as a keystroke logger. The goal of doing so would be to gain access to the corporate financial accounts so that the cybercriminal could transfer money to mules operating elsewhere in the country who would, in turn, transfer the money offshore.
“To see how much information I could gather on a senior executive, I chose a company at random in Kent, Washington after doing a quick Google search….”
Read the rest of the article on the Osterman blog (no longer available, site owner deleted the blog)