Insider Security Attacks On The Rise, MS Says
from the the-human-factor dept
Microsoft is warning that "malicious insider" security attacks are on the rise as the economy churns out more and more disgruntled and/or desperate laid-off workers. Combine this with the high number of data breaches that are blamed on human error, and it's clear that the human factor remains a big problem in IT security. Technology often gets the blame for data breaches and leaks, but it's important to remember that in many cases, it's the implementation of the technology, or the policies behind it, that are to blame. For instance, in the massive TJX breach, a lot was made of the fact that the company's WiFi network was protected only by the easily cracked WEP security standard. But somewhere along the line, a human decision was made not to upgrade to something stronger, while another decision was made to transmit credit-card data without encryption. Whether it's simple incompetence or malicious activity, humans often surpass technology as the weakest link in the security chain.
Reader Comments
Oh really?
As you state: "it's important to remember that in many cases, it's the implementation of the technology, or the policies behind it, that are to blame". And who implements the technology? Microsoft.
[ link to this | view in chronology ]
Re: Oh really?
As you state: "it's important to remember that in many cases, it's the implementation of the technology, or the policies behind it, that are to blame". And who implements the technology? Microsoft.
Yes. That would be Carlo's point.
[ link to this | view in chronology ]
Re: Oh really?
Microsoft rarely 'implements' the technology. They create the software. Network engineers and administrators 'implement' the technology. As far as I know, Microsoft doesn't produce many wireless products at all. The implementers have choices in software and hardware. What they choose and how they choose to configure it is very rarely a Microsoft decision.
[ link to this | view in chronology ]
Re:
This is the distinction being made in the original post. Was the problem inherent to the software and hardware being used, or was it caused by poor choices in how to use it?
[ link to this | view in chronology ]
IMHO
[ link to this | view in chronology ]
Figures Microsoft would say this just shy of a new Windows release.
What I find interesting is how Microsoft refuses to acknowledge its own software is what allows these threats to increase. It seems every day, there's a new vulnerability found within the Windows operating system, rarely patched in time before being exploited.
It makes sense these attacks would increase during this economic state. Most IT departments are responsible for patching known vulnerabilities. Given how quickly businesses act, many are still open.
I still can't believe anyone would do this, especially during these times, simply to get "revenge" for being let go and destroying any future chance at working in the industry again.
[ link to this | view in chronology ]
This story is somewhat true. Humans are the weak link when it comes to the quality of solutions.
[ link to this | view in chronology ]
Looks like a Sales Pitch
Is anyone trying to sell their "Data loss prevention systems"?
[ link to this | view in chronology ]
Re: Looks like a Sales Pitch
data loss prevention is pretty simple:
1) centralize your data on a secure platform
2) use encryption and access control when granting access to the secured storage
3) if data cannot be centralized, then it must be encrypted with strong cryptographic tools.
[ link to this | view in chronology ]
the WEP decision
WPA2 is great, but support for it was not built into windows xp, so you have to install the wpa2/wps ie update or move to service pack 3. this means testing, deployment, and even training.
what about those other devices, like pdas, phones, or barcode readers, that may not include WPA2 support?
the problem isn't with the decision to use wep. the problem is with not separating the wireless network from the corporate network when wep was proven to be insecure.
[ link to this | view in chronology ]
Just like all the companies that blamed SAP and consultants when their huge implementation didn't do what was planned because the company didn't spend the money on the proper planning or the proper modules. Companies take shortcuts that cost them in the long run.
[ link to this | view in chronology ]
BEST PRACTICES PHOEY!
[ link to this | view in chronology ]
Is the technology here to serve man, or are we here to serve the technology?
Plus, it really doesn't matter what technology you put in place - an 'unhackable' system puts me in mind of an 'unsinkable' ship - and we all know where that ends up.
[ link to this | view in chronology ]