Kaspersky researcher says 'human vulnerabilities' need patching too

In the paper, David Emm, a senior researcher with Kaspersky's global research and analysis team, says that human vulnerabilities need to be patched to prevent them from being the weakest link in an organisation's IT security chain.

According to Emm, cybercriminals are known to employ methods that exploit vulnerabilities in the human psyche, to spread their programs and collect data.

For example, he says in the paper, cybercriminals are increasingly targeting social networking sites such as Facebook, MySpace, LinkedIn, Twitter and others, due to the ever-increasing number of people that use them.

Emm claims that humans are typically the weakest link in any security system and that educating the user in security best practice needs to be a part of any effective IT strategy.

No corporate security policy can be considered effective, he argues, if it fails to address the human factor.

In addition to securing digital resources, he says, IT professionals need to find efficient methods for 'patching' human resources too.

"A security strategy is far more likely to be effective if staff understand and support it. Furthermore, it is important not to see security information and training as just an IT issue", he said.

Instead, he says, it should be seen within an overall human resources context.

"Employees need to be told, in simple, straightforward language, the nature of the threat. They need to understand what protection measures the organisation has deployed, and why, and how these may affect them in carrying out their duties", he said.

"It also ensures that staff – who are increasingly working from home these days – are not exposing business resources to unnecessary risks", he added.
