Oh goodie, another funny name for a social engineering attack
To quote their most recent blog post on (cringe) SMiShing, McAfee's Avert Labs proposes that "IT security staff cannot control human behaviour."
Maybe I'm reading a little too much into this, but it sounds awfully defeatist. Security device vendors (like me) control human behavior all the time via IT staffs around the world -- a preventative device like an IPS (or even just a firewall) can pretty seriously hamper a victim's best efforts to get 0wned, thanks to creative and forward-looking research and development.
Plus, if your IT security staff visits your desk (or your boss's desk) with evidence that you've been picking up spyware that travels exclusively on pr0n sites, I bet that will effectively control what you do (or not) at work from then on...
It's an unfortunate mindset when security pros dismiss classes of attack as "oh, that's social engineering, nothing we can do there...."

1 Comments:
Policies can be very effective in controlling human behavior, if the policy has teeth. If you have a policy in place and everyone breaks it…and you don’t do anything about it…then it doesn’t mean much.
I had great success controlling humans when I detected them going to porn sites using content filtering software on the corporate internet proxy. Plus, you don’t have to control all human behavior…just the behavior of the employees (who have agreed to follow policy).