Frequently during the course of a security assessment, we get asked about social engineering. People want to know if it is really worth the time it takes, and what is the point, anyway? Well, the bottom line is that the access an intruder can achieve either by physically walking into an office or data center, or by convincing an employee to click on a link or divulge information over the phone, can be one of the quickest ways to a data breach. In fact, according to the FBI data security survey in 2009, non-malicious insiders (folks that just make mistakes such as the ones listed below) are a much bigger problem than malicious insiders. In fact, 16% of respondents reported that nearly all of their losses were due to these well-meaning insiders.
Categories
Archives
Recent Posts
- Slow network performance for Windows Server 2008 guest on vmware ESXi 4.1
- Now available: Unix and Linux System Administration Handbook, 4th edition
- The Barking Seal Q3 2010 is Here and Filled with Goodies!
- A Gentle Infrastructure Monitoring Reminder
- AppliedTrust Goes Drupal!
- Information Security and Running, Long Lost Brothers?
- An IT lesson from the BP disaster
- AppliedTrust sponsors “Laps for Learning”
- AppliedTrust featured on One Day, One Job!
- issues.apache.org compromised by XSS vulnerability
Recent Comments
- Big D on Slow network performance for Windows Server 2008 guest on vmware ESXi 4.1
- trent on Slow network performance for Windows Server 2008 guest on vmware ESXi 4.1
- Big D on Slow network performance for Windows Server 2008 guest on vmware ESXi 4.1
- The Barking Seal » Blog Archive » A Gentle Infrastructure Monitoring Reminder on Interpreting Packet Traces with Wireshark (Part 1 of n)
- Drew on An IT lesson from the BP disaster
- GKhamait on Monitoring site-to-site VPNs on a Cisco ASA
- Onthebus on MS SQL Mirroring for High Availability
- casandpoint on Encrypted Storage in the Cloud
- Ben Edelen on issues.apache.org compromised by XSS vulnerability
- dan on Social Engineering, Part Two