Tuesday, October 14, 2014

Humans are the Weakest Link in Security


IBM has just released its 2014 Cyber Security Intelligence Index. Much of the information presented seemed like the same old news. Humans intentionally instigated 95% of the attacks, and that's not really surprising. Computers don't hate us and have no reason to steal personal information, trade secrets or credit card numbers. What I found surprising is that social engineering is still a preferred method for these malicious attacks. Ohlhorst points out that the engineering is getting more targeted:

IBM correctly identifies how social networking has impacted IT security and makes the point "Rather than seeing a particular enterprise as a single entity, attackers now also look at an enterprise as collections of individuals. That means they decide to target specific people instead of enterprise infrastructures or applications. In other words, the personal lives and business activities of employees can be leveraged to target an enterprise."

IBM says the average security breach costs the company $3.5 million. If 5% of the employees at your company are the inadvertent actors they target, are they trained to see social engineering methods? My employer has about 2000 people working in my building, so that means 100 of them are likely to provide the access an attacker wants. Is it worth the time and effort for companies to take this threat seriously and train employees more thoroughly?


Ohlhorst, F. (2014, October 8). IBM says most security breaches are due to human error.  Retrieved from TechRepublic website:  http://www.techrepublic.com/article/ibm-says-most-security-breaches-are-eue-to-human-error.

IBM. (2014).  2014 Cyber Security Intelligence Index.  http://www-935.ibm.com/services/us/en/it-services/security-services/2014-cyber-security-intelligence-index-infographic/
