Kaspersky researcher says 'human vulnerabilities' need patching too

05 March 2010

A paper just published by Kaspersky Lab, the Russian-headquartered IT security vendor, claims to highlight the need for 'human vulnerabilities' to be patched, in much the same way that computer software needs updating on a regular basis.

In the paper, David Emm, a senior researcher with Kaspersky's global research and analysis team, says that human vulnerabilities need to be patched, to prevent them from being the weakest link in an organisation's IT security chain.

According to Emm, cybercriminals are known to employ methods that exploit vulnerabilities in the human psyche, to spread their programs and collect data.

For example, he says in the paper, cybercriminals are increasingly targeting social networking sites such as Facebook, MySpace, LinkedIn, Twitter and others, due to the ever-increasing number of people that use them.

Emm claims that humans are typically the weakest link in any security system and that educating the user in security best practice needs to be a part of any effective IT strategy.

No corporate security policy can be considered effective, he argues, if it fails to address the human factor.

In addition to securing digital resources, he says, IT professionals need to find efficient methods for 'patching' human resources too.

"A security strategy is far more likely to be effective if staff understand and support it. Furthermore, it is important not to see security information and training as just an IT issue", he said.

Instead, he says, it should be seen within an overall human resources context.

"Employees need to be told, in simple, straightforward language, the nature of the threat. They need to understand what protection measures the organisation has deployed, and why, and how these may affect them in carrying out their duties", he said.

"It also ensures that staff – who are increasingly working from home these days – are not exposing business resources to unnecessary risks", he added.

This article is featured in:
Malware and Hardware Security

 
