
Geoff Webb

Job title:
senior product marketing manager, Credant Technologies

Areas of expertise:
security, compliance, security process automation, security information, event management

Biography:
Geoff Webb has over 20 years of experience in the tech industry and has provided commentary on security and compliance trends, and written on a number of related topics for such journals and websites as: CIO Update, The Tech Herald, Compliance Authority, Virtual Strategy Magazine, TechBlind, Internetnews.com, e-Finance & Payments, Law & Policy, Dark Reading, BankInfoSecurity.com, Payment News and InfoSecurity.com, among others. As a senior manager of product marketing at Credant Technologies, Webb is responsible for compliance, security management and configuration control solutions. Prior to Credant, Webb held management positions at NetIQ, FutureSoft, SurfControl and JSB. Webb holds a combined bachelor of science degree in computer science and prehistoric archaeology from the University of Liverpool.


Attacking the Human Wall

Good post here from Brandon Williams on the inherent weakness of security processes that ignore the human element.

There's nothing new in saying that humans are the weakest link in the security chain (ok, in *most* people's security chain) but Brandon's right: People really are the new perimeter. In more ways than one.

The point he makes (and it's a fair one) is that for all the investments you make in technical and physical security, it really won’t matter if you don't invest in educating your employees to not do anything stupid.

Employees have always needed to understand the whys of good information security practices, but as the perimeter becomes porous (or becomes many perimeters) the need for this knowledge has grown significantly. Attackers target employees to do the dirty work and help them break into systems that are well defended. The prime example is the successful attack on RSA earlier this year.

Attackers go after the employees because employees already have the access to what they want, and if they can subvert a helpful or unsuspecting employee, they can bypass many, if not most, of those expensive security products you hoped would keep the hackers out and the data in.

A well-educated employee, one who understands how to spot when they are being targeted (and gets why breaches are bad), can quickly stop an attack, or at least alert you when something suspicious is going on.

So while employees are your best defense against attack, they are also your weakest link.  And it's getting worse.  Much worse.

As information moves outside of the traditional four walls, or whatever is left of the perimeter, and onto smartphones, removable media, and into many, many cloud infrastructures, the ability of your current security controls to follow that data, to keep it safe, diminishes as the data moves faster, in more places, and in greater quantities than we could have imagined, even five years ago. With much of that data mobility driven by individuals using their own devices and consumer cloud services such as Dropbox or Box.net, keeping data safe is getting harder, fast.

As the one entrusted with securing your organization, you're going to need help.  And that help can only come from the people who understand that they are the custodians of the data you are tasked to keep safe – your employees and the users themselves.

If there is one control that you have at least a reasonable chance of extending out there into the misty reaches of the cloud, it's a well-educated and informed employee.

Posted 28/10/2011 by Geoff Webb

Tagged under: Security, RSA, Cloud, Social Engineering
