Friday 15 November 2013

The Human Hack: How to Fight a Risk Technology Can't Fix

False Phishing Attacks Wake Employees to Cyber Security Threat
The security room of Poste Italiane headquarters in 2009, where they handle computer security, and fight phishing--the criminally fraudulent process of attempting to acquire sensitive information by masquerading as a trustworthy entity via email. Photographer: Roberto Caccuri/Contrasto via Redux
A year ago, James Robinson played a trick on about 600 salespeople at a company where you wouldn't expect the employees to be easily fooled.
Staffers at Websense Inc. got a generic-looking e-mail that encouraged them to click on a link to learn which product they could sell to earn a bigger bonus. The link led to an unfamiliar website that asked for their user names and passwords.
"What came back to us was crazy, it was in the 60 to 70 percentile -- people were clicking on the link," said Robinson, security architecture and strategy officer at the San Diego-based company. Of those who clicked, 80 percent proceeded to obediently type in their log-in credentials, which is the kind of information that could allow a hacker to break into a corporate network and steal critical data.
