Opinion

Weakest links are your staff

Kevin Mitnick, who was jailed after he stole the source code for Sun's Solaris operating system and hacked Tsutomu Shimomura's computers, reckoned that 70% of his successes as a hacker were down to manipulating people into supplying information, and only 30% relied on technical skills.

Humans are information-sharing animals - someone comes to you for help and you try to oblige. And most of the time you are not really paying attention, which is what salesmen and con artists rely on. The most obvious example of this is charity collections. A recent field test showed that a bogus charity called "lags anonymous" succeeded in collecting money on the street in spite of stating clearly that its aim was to fund the escape of criminals.

Most business IT users have no idea that they are responsible for critical business assets (data), and have no understanding of the systems they use or the associated hazards.

An associate recently commented that Unix must be more robust than Windows because in 30 years he had seen fewer viruses damaging Unix systems. This ignored the fact that, until about five years ago, you could not really use Unix unless you were fairly technical, whereas the whole drive of Windows development has been to make it easier for ordinary people to use.

The greatest contributor to the apparent insecurity of Windows is the ignorance of users. So, train your users in the basics of responsible, security-conscious computing, and get them to be street-wise about parting with information. Or suffer the consequences.

Mike Barwise is a consultant at www.computersecurityawareness.com/


This was first published in September 2002

 
